Back

CVE-2023-4976

July 17, 2024, 4:15 p.m.

Received
CVE has been recently published to the CVE List and has been received by the NVD.

Products

Purity//FB

Source

psirt@purestorage.com

Tags

CWE-269
2024-07-17
CVE-2023-4976
psirt@purestorage.com

CVE-2023-4976 details

Published : July 17, 2024, 4:15 p.m.
Last Modified : July 17, 2024, 4:15 p.m.

Description

A flaw exists in Purity//FB whereby a local account is permitted to authenticate to the management interface using an unintended method that allows an attacker to gain privileged access to the array.

CVSS Score

1 2 3 4 5 6 7 8 9 10

Weakness

Weakness Name Description
CWE-269 Improper Privilege Management The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References

URL Source
https://purestorage.com/security psirt@purestorage.com
This website uses the NVD API, but is not approved or certified by it.