CVE-2022-32552 in Purity FA
Summary
by MITRE • 06/23/2022
Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Purity//FB 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3.0.x and prior Purity//FB releases are vulnerable to a privilege escalation via the manipulation of Python environment variables which can be exploited by a logged-in user to escape a restricted shell to an unrestricted shell with root privileges. No other Pure Storage products or services are affected. Remediation is available from Pure Storage via a self-serve “opt-in” patch, manual patch application or a software upgrade to an unaffected version of Purity software.
Analysis
by VulDB Data Team • 06/23/2022
This vulnerability represents a critical privilege escalation flaw in Pure Storage FlashArray and FlashBlade storage systems that allows authenticated users to gain root-level access through manipulation of Python environment variables. The issue affects multiple version ranges across both product lines, spanning from Purity//FA 5.2.x through 6.2.3 and Purity//FB 3.0.x through 3.3.0, indicating a widespread exposure across the product lifecycle. The vulnerability specifically targets the restricted shell environment that normally limits user capabilities, enabling attackers to escape these constraints and obtain full administrative privileges.
The technical exploitation occurs through the manipulation of Python environment variables within the system's execution context, which allows a logged-in user to bypass the intended security boundaries of the restricted shell. This type of vulnerability falls under CWE-276, which describes improper privileges, and aligns with ATT&CK technique T1068, which covers local privilege escalation through environment variable manipulation. The flaw leverages the trust placed in the Python runtime environment and the assumptions made about variable handling within the storage system's operational framework, creating an attack vector that requires only authentication credentials rather than specialized tools or external exploits.
The operational impact of this vulnerability is severe as it transforms a logged-in user account into a root-level administrative session, potentially allowing attackers to access, modify, or delete sensitive data stored on the storage arrays. This privilege escalation capability enables comprehensive system compromise, including the ability to manipulate storage configurations, access protected data sets, and potentially use the compromised systems as launching points for further attacks within the network. The vulnerability affects the core storage infrastructure, which often serves as a critical data repository for enterprise environments, making the impact potentially catastrophic for organizations relying on these systems.
Organizations affected by this vulnerability should immediately implement the remediation options provided by Pure Storage: the self-serve opt-in patch, manual patch application, or a software upgrade to an unaffected version of Purity software. The vulnerability requires no special privileges beyond authentication, which makes it particularly dangerous: any user with legitimate access to the systems can exploit it. Security teams should assess affected systems immediately, monitor for exploitation attempts, and review access controls and user permissions to limit the impact of any successful exploitation. The vulnerability demonstrates the importance of proper environment variable handling and privilege management in storage systems, and the need for comprehensive security testing of all execution contexts within enterprise storage infrastructure.
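For the assessment step, a version-range check that triages an array inventory against the affected releases listed in the summary; this is an added example, not Pure Storage or VulDB code. The `hostname,product,version` inventory format, the hostnames and the function names are assumptions, and the check reads only the version string, so an `affected` result still needs its patch status confirmed.

```python
import re

# Highest affected patch level per release line, transcribed from the summary above.
AFFECTED_MAX_PATCH = {
    "FA": {(6, 2): 3, (6, 1): 12, (6, 0): 8, (5, 3): 17},
    "FB": {(3, 3): 0, (3, 2): 4, (3, 1): 12},
}
# "5.2.x and prior" / "3.0.x and prior": this release line and everything below it.
AND_PRIOR = {"FA": (5, 2), "FB": (3, 0)}
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)")


def classify(product, version):
    """Return 'affected', 'not-listed' or 'unknown' for one array."""
    product = product.strip().upper().replace("PURITY//", "")
    match = VERSION_RE.match(version.strip())
    if product not in AFFECTED_MAX_PATCH or match is None:
        return "unknown"  # fail closed: a human has to look at this one
    major, minor, patch = (int(part) for part in match.groups())
    if (major, minor) <= AND_PRIOR[product]:
        return "affected"
    max_patch = AFFECTED_MAX_PATCH[product].get((major, minor))
    if max_patch is not None and patch <= max_patch:
        return "affected"
    return "not-listed"


def triage(inventory_csv):
    """Map hostname -> classification for 'hostname,product,version' lines."""
    results = {}
    for line in inventory_csv.strip().splitlines():
        host, _, rest = line.partition(",")
        product, _, version = rest.partition(",")
        results[host.strip()] = classify(product, version)
    return results


# Constructed sample inventory (hostnames and the export format are assumptions).
SAMPLE_INVENTORY = """
fa-prod-01,Purity//FA,6.1.12
fa-prod-02,Purity//FA,6.2.4
fa-dr-01,FA,5.1.9
fb-lab-01,Purity//FB,3.3.0
fb-lab-02,FB,3.3.1
fa-test-01,FA,unknown-build
"""

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Treat `unknown` the same as `affected` until the version is confirmed by hand.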