Lucene search

PureStorageCVELIST:CVE-2023-36627

HistoryOct 02, 2023 - 10:47 p.m.

CVE-2023-36627 FlashBlade Snapshot Scheduler

2023-10-0222:47:12

PureStorage

www.cve.org

flashblade

snapshot

scheduler

vulnerability

timezone

configuration

CVSS3

7.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

AI Score

7.7

Confidence

High

EPSS

0.001

Percentile

21.8%

JSON

A flaw exists in FlashBlade Purity whereby a user with access to an administrative account on a FlashBlade that is configured with timezone-dependent snapshot schedules can configure a timezone to prevent the schedule from functioning properly.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "FlashBlade Purity",
    "vendor": "Pure Storage",
    "versions": [
      {
        "lessThanOrEqual": "3.3.7",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "4.0.5",
        "status": "affected",
        "version": "4.0.0",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "4.1.2",
        "status": "affected",
        "version": "4.1.0",
        "versionType": "custom"
      }
    ]
  }
]

References

support.purestorage.com/Pure_Storage_Technical_Services/Field_Bulletins/Security_Bulletins/Security_Bulletin_for_FlashBlade_Snapshot_Scheduler_CVE-2023-36627

CVSS3

7.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

AI Score

7.7

Confidence

High

EPSS

0.001

Percentile

21.8%

JSON

Related for CVELIST:CVE-2023-36627