CVE-2023-28373 MEDIUM

CVE-2023-28373: FlashArray SafeMode Immutable Vulnerability

Vendor Pure Storage
Product FlashArray Purity
Published October 2, 2023
Last update September 23, 2024

CVSS base score

4.4/10
Attack vector Network
Attack complexity High
Privileges required High
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01Description

A flaw exists in FlashArray Purity whereby an array administrator by configuring an external key manager can affect the availability of data on the system including snapshots protected by SafeMode.

Key dates

02Disclosure timeline

October 2, 2023 CVE published
September 23, 2024 Record updated