CVE-2023-4976 CRITICAL

CVE-2023-4976: FlashBlade Authentication Mechanism Vulnerability

Vendor: Purestorage
Product: FlashBlade
Weakness: CWE-269
Published: July 17, 2024
Last update: April 10, 2025

CVSS base score

9.3/10
Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01 Description

A flaw exists in FlashBlade whereby a local account is permitted to authenticate to the management interface using an unintended method that allows an attacker to gain privileged access to the array.

Key dates

02 Disclosure timeline

July 17, 2024: CVE published
April 10, 2025: Record updated