Pure Storage Purity FA/Purity FB Restricted Shell access control

A vulnerability has been found in Pure Storage Purity FA and Purity FB (affected version unknown) and classified as critical. Affected by this vulnerability is an unknown part of the component Restricted Shell. Upgrading eliminates this vulnerability.

Timeline

Analyzing the timeline helps to identify the required approach to and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance, so that an immediate vulnerability response can be initiated and issues prioritized.

User: 019, 119

Field (count): exploit_price_0day (1), vulnerability_cvss3_meta_tempscore (1), vulnerability_cvss3_meta_basescore (1), vulnerability_cvss3_vuldb_tempscore (1), vulnerability_cvss3_vuldb_basescore (1)

Commit Conf (count): 90% (27), 50% (11)

Approve Conf (count): 90% (27), 80% (11)

| ID | Committed | User | Field | Change | Remarks | Accepted | Reason | C |
|---|---|---|---|---|---|---|---|---|
| 12642332 | 06/23/2022 | VulD... | price_0day | $0-$5k | see exploit price documentation | 06/23/2022 | accepted | 90 |
| 12642331 | 06/23/2022 | VulD... | cvss3_meta_tempscore | 7.6 | see CVSS documentation | 06/23/2022 | accepted | 90 |
| 12642330 | 06/23/2022 | VulD... | cvss3_meta_basescore | 8.0 | see CVSS documentation | 06/23/2022 | accepted | 90 |
| 12642329 | 06/23/2022 | VulD... | cvss3_vuldb_tempscore | 7.6 | see CVSS documentation | 06/23/2022 | accepted | 90 |
| 12642328 | 06/23/2022 | VulD... | cvss3_vuldb_basescore | 8.0 | see CVSS documentation | 06/23/2022 | accepted | 90 |
| 12642327 | 06/23/2022 | VulD... | cvss2_vuldb_tempscore | 6.7 | see CVSS documentation | 06/23/2022 | accepted | 90 |
| 12642326 | 06/23/2022 | VulD... | cvss2_vuldb_basescore | 7.7 | see CVSS documentation | 06/23/2022 | accepted | 90 |
| 12642325 | 06/23/2022 | VulD... | cvss3_vuldb_e | X | derived from historical data | 06/23/2022 | accepted | 80 |
| 12642324 | 06/23/2022 | VulD... | cvss3_vuldb_av | A | derived from historical data | 06/23/2022 | accepted | 80 |
| 12642323 | 06/23/2022 | VulD... | cvss2_vuldb_e | ND | derived from historical data | 06/23/2022 | accepted | 80 |
| 12642322 | 06/23/2022 | VulD... | cvss2_vuldb_au | S | derived from historical data | 06/23/2022 | accepted | 80 |
| 12642321 | 06/23/2022 | VulD... | cvss2_vuldb_av | A | derived from historical data | 06/23/2022 | accepted | 80 |
| 12642320 | 06/23/2022 | VulD... | cvss2_vuldb_rl | OF | derived from vuldb v3 vector | 06/23/2022 | accepted | 80 |
| 12642319 | 06/23/2022 | VulD... | cvss2_vuldb_rc | C | derived from vuldb v3 vector | 06/23/2022 | accepted | 80 |
| 12642318 | 06/23/2022 | VulD... | cvss2_vuldb_ai | C | derived from vuldb v3 vector | 06/23/2022 | accepted | 80 |
| 12642317 | 06/23/2022 | VulD... | cvss2_vuldb_ii | C | derived from vuldb v3 vector | 06/23/2022 | accepted | 80 |
| 12642316 | 06/23/2022 | VulD... | cvss2_vuldb_ci | C | derived from vuldb v3 vector | 06/23/2022 | accepted | 80 |
| 12642315 | 06/23/2022 | VulD... | cvss2_vuldb_ac | L | derived from vuldb v3 vector | 06/23/2022 | accepted | 80 |
| 12642314 | 06/23/2022 | VulD... | date | 1655935200 (06/23/2022) | | 06/23/2022 | accepted | 90 |
| 12642313 | 06/23/2022 | VulD... | cve_nvd_summary | Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Purity//FB 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3.0.x and prior Purity//FB releases are vulnerable to a privilege escalation via the manipulation of Python environment variables which can be exploited by a logged-in user to escape a restricted shell to an unrestricted shell with root privileges. No other Pure Storage products or services are affected. Remediation is available from Pure Storage via a self-serve “opt-in” patch, manual patch application or a software upgrade to an unaffected version of Purity software. | cve.org | 06/23/2022 | accepted | 90 |

18 more entries are not shown
