CVE-2023-28373— FlashArray SafeMode Immutable Vulnerability

CVSS 4.4 · Medium EPSS 0.04% · P12 Updated Jan 25, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2023-28373

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

FlashArray SafeMode Immutable Vulnerability

Source: NVD (National Vulnerability Database)

Vulnerability Description

A flaw exists in FlashArray Purity whereby an array administrator by configuring an external key manager can affect the availability of data on the system including snapshots protected by SafeMode.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

Pure Storage FlashBlade 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Pure Storage FlashBlade是美国Pure Storage公司的一个用于文件和对象工作负载的整合存储平台。 FlashBlade Purity (OE) 4.1.0版本存在安全漏洞，该漏洞源于阵列管理员通过配置外部密钥管理器影响系统上数据的可用性，包括受 SafeMode 保护的快照。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
Pure Storage	FlashArray Purity	6.1.0 ~ 6.1.22	-

II. Public POCs for CVE-2023-28373

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2023-28373

请登录查看更多情报信息。

Same Patch Batch · Pure Storage · 2023-10-02 · 6 CVEs total

CVE-2023-36628	8.8 HIGH	Privilege Escalation in VASA
CVE-2023-36627	7.7 HIGH	FlashBlade Snapshot Scheduler
CVE-2023-31042	7.7 HIGH	FlashBlade Object Store Protocol
CVE-2023-28372	6.5 MEDIUM	FlashBlade Object Store Privileged Access
CVE-2023-32572	6.5 MEDIUM	FlashArray pgroup Retention Lock SafeMode Protection

IV. Related Vulnerabilities

Same product: FlashArray Purity

Same vendor: Pure Storage

V. Comments for CVE-2023-28373

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2023-28373— FlashArray SafeMode Immutable Vulnerability

I. Basic Information for CVE-2023-28373

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2023-28373

III. Intelligence Information for CVE-2023-28373

Same Patch Batch · Pure Storage · 2023-10-02 · 6 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2023-28373

Leave a comment