CVE-2022-32553

8.8 HIGH

📋 TL;DR

This vulnerability lets an already logged-in user of an affected Pure Storage FlashArray or FlashBlade system escape the restricted Purity shell by manipulating environment variables and obtain an unrestricted root shell. It is not exploitable without an account: the attacker must first be able to log in to the array's restricted shell, so the population at risk is anyone who holds (or has stolen) such a login.

💻 Affected Systems

Products:
  • Pure Storage FlashArray
  • Pure Storage FlashBlade
Versions: FlashArray Purity//FA 6.2.0-6.2.3, 6.1.0-6.1.12, 6.0.0-6.0.8, 5.3.0-5.3.17, 5.2.x and prior; FlashBlade Purity//FB 3.3.0, 3.2.0-3.2.4, 3.1.0-3.1.12, 3.0.x and prior
Operating Systems: Pure Storage Purity OS
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with shell access enabled for users. No other Pure Storage products or services are affected.

📦 What is this software?

FlashArray is Pure Storage's all-flash block storage array and FlashBlade is its scale-out file and object storage platform. Both run Pure's Purity operating environment (Purity//FA and Purity//FB respectively), which administrators manage through a GUI, a REST API and a restricted command-line shell reached over SSH; that restricted shell is what this vulnerability escapes.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise with root access, allowing data theft, destruction, or ransomware deployment across connected storage infrastructure.

🟠

Likely Case

Privileged insider or compromised user account escalates to root, potentially accessing sensitive data or disrupting storage operations.

🟢

If Mitigated

Limited impact if proper access controls restrict shell access to trusted administrators only.

🌐 Internet-Facing: LOW - Requires authenticated shell access, typically not exposed to internet.
🏢 Internal Only: HIGH - Internal users with shell access can exploit this to gain full system control.

🎯 Exploit Status

Public PoC: No known public proof of concept
Weaponized: UNKNOWN
Unauthenticated Exploit: No (a valid login to the restricted shell is required)
Complexity: LOW

Requires an authenticated login to the restricted shell. Exploitation involves manipulating environment variables to escape the restricted shell into an unrestricted root shell; the vendor advisory does not publish the specific variable or command involved.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply security bundle 2022-04-04 or upgrade to unaffected versions: FlashArray Purity//FA 6.2.4+, 6.1.13+, 6.0.9+, 5.3.18+; FlashBlade Purity//FB 3.3.1+, 3.2.5+, 3.1.13+

Vendor Advisory: https://support.purestorage.com/Pure_Security/Security_Bundle_2022-04-04/Security_Advisory_for_%E2%80%9Csecurity-bundle-2022-04-04

Restart Required: Yes

Instructions:

1. Download security bundle 2022-04-04 from the Pure Storage support portal.
2. Apply it via the self-serve opt-in patch or manual patch application, or upgrade to an unaffected Purity version.
3. Reboot affected systems after the patch is applied.

🔧 Temporary Workarounds

Restrict Shell Access (all affected versions)

Limit shell access to only the administrative users who genuinely need it. This does not remove the bug; it only shrinks the set of accounts that can trigger it, so it is a stopgap until the bundle or upgrade is applied.

🧯 If You Can't Patch

  • Implement strict access controls to limit shell access to trusted administrators only
  • Monitor shell sessions and environment variable modifications for suspicious activity

🔍 How to Verify

Check if Vulnerable:

Check the running Purity version in the management GUI, or from the CLI with 'pureversion' (or 'purearray list', whose Version column shows the running release), and compare it against the affected ranges listed above.

Check Version:

pureversion

Verify Fix Applied:

Verify version is patched: FlashArray Purity//FA 6.2.4+, 6.1.13+, 6.0.9+, 5.3.18+; FlashBlade Purity//FB 3.3.1+, 3.2.5+, 3.1.13+
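The comparison above, as an added example (not a Pure Storage tool): a small script that takes a product name and the dotted version string read from the array and reports whether it falls inside the affected ranges and what the remediation path is. The ranges are those stated in this page; the version format, the product names used as keys and the status labels are this example's own assumptions. One caveat a version check cannot settle: the fix also ships as an opt-in or manual patch, so an array on an older listed release may already carry the patch without a fixed-looking version string; confirm patch status with Pure Support in that case.

```python
"""Version-range check for CVE-2022-32553 (added example, not a Pure Storage tool).

Affected and first-fixed releases are those stated in the advisory summary;
versions are assumed to be dotted decimals such as "6.1.12".
"""

# Per product: branch (major, minor) -> first release on that branch with the fix.
FIRST_FIXED = {
    "FlashArray": {(6, 2): (6, 2, 4), (6, 1): (6, 1, 13),
                   (6, 0): (6, 0, 9), (5, 3): (5, 3, 18)},
    "FlashBlade": {(3, 3): (3, 3, 1), (3, 2): (3, 2, 5), (3, 1): (3, 1, 13)},
}
# "x.y and prior" branches have no patched release; branches newer than the
# newest listed one are not named as affected in the advisory.
OLDEST_FIXABLE = {"FlashArray": (5, 3), "FlashBlade": (3, 1)}
NEWEST_LISTED = {"FlashArray": (6, 2), "FlashBlade": (3, 3)}


def parse_version(text):
    """'6.1.12' -> (6, 1, 12); pads missing fields with 0, ignores a 4th field."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised Purity version: {text!r}")
    nums = [int(p) for p in parts[:3]]
    while len(nums) < 3:
        nums.append(0)
    return tuple(nums)


def assess(product, version):
    """Return (status, advice); status is 'vulnerable', 'fixed' or 'not_listed'."""
    if product not in FIRST_FIXED:
        raise ValueError(f"unknown product: {product!r}")
    v = parse_version(version)
    branch = v[:2]
    fixed = FIRST_FIXED[product]
    if branch in fixed:
        target = ".".join(map(str, fixed[branch]))
        if v >= fixed[branch]:
            return "fixed", f"{product} Purity {version} is at or above {target}"
        return "vulnerable", (f"upgrade to Purity {target} or later, or apply "
                              f"security bundle 2022-04-04")
    if branch < OLDEST_FIXABLE[product]:
        return "vulnerable", ("no patched release exists on this branch; upgrade "
                              "to one of the fixed branches in FIRST_FIXED")
    if branch > NEWEST_LISTED[product]:
        return "not_listed", "branch is not named as affected in the advisory"
    return "not_listed", "branch not covered by the advisory text; confirm with Pure Support"


if __name__ == "__main__":
    for product, ver in [("FlashArray", "6.1.12"), ("FlashArray", "6.1.13"),
                         ("FlashArray", "5.2.8"), ("FlashBlade", "3.3.0"),
                         ("FlashBlade", "3.4.0")]:
        print(product, ver, *assess(product, ver))
```

Feed it the version string exactly as the array reports it; a fourth version field (hotfix builds) is ignored, which is the conservative choice because it keeps such builds inside the affected range until you have confirmed the patch with the vendor.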

📡 Detection & Monitoring

Log Indicators:

  • Unusual shell escalation attempts
  • Environment variable manipulation in shell sessions
  • Root privilege acquisition from non-admin users

Network Indicators:

  • Unusual SSH or console access patterns to storage systems

SIEM Query (illustrative; the field names are placeholders and must be mapped to the fields your Purity syslog forwarding or SSH audit source actually produces):

source="pure-storage" AND (event_type="shell_escape" OR user_privilege_change="root")
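The log indicators above turned into detection logic and run over a constructed sample, as an added example that is not part of the original page. The syslog-style format, session IDs, account names and the ENV_WATCHLIST are assumptions for illustration, not Purity's real audit output; the watch-list is a generic set of loader and interpreter variables commonly used to subvert restricted shells, not the variable behind this CVE, which the advisory does not name. It correlates login sessions with later process events and raises two kinds of alert: an environment-variable assignment in a command run from a restricted session, and a root effective UID reached from a session whose login account is not on the admin allow-list.

```python
import re

# Constructed sample in an assumed syslog-style format (not real Purity output);
# the regexes below must be adapted to whatever your array actually forwards.
SAMPLE_LOG = """\
2022-04-05T10:01:02Z array01 sshd[4101]: session opened for user storageops sid=4101
2022-04-05T10:01:05Z array01 audit: sid=4101 uid=1001 euid=1001 cmd="purevol list"
2022-04-05T10:01:40Z array01 audit: sid=4101 uid=1001 euid=1001 cmd="env PYTHONPATH=/tmp/x purearray list"
2022-04-05T10:01:41Z array01 audit: sid=4101 uid=1001 euid=0 cmd="/bin/bash -i"
2022-04-05T10:02:00Z array01 sshd[4220]: session opened for user pureuser sid=4220
2022-04-05T10:02:10Z array01 audit: sid=4220 uid=1000 euid=1000 cmd="purearray list"
"""

# Generic loader/interpreter variables abused to escape restricted shells; a
# heuristic watch-list, not the specific variable behind CVE-2022-32553.
ENV_WATCHLIST = ("LD_PRELOAD", "LD_LIBRARY_PATH", "PYTHONPATH", "PYTHONSTARTUP",
                 "PYTHONINSPECT", "BASH_ENV", "ENV", "PERL5OPT", "PERL5LIB")
ENV_RE = re.compile(r"\b(?:" + "|".join(ENV_WATCHLIST) + r")=")

SESSION_RE = re.compile(r"session opened for user (\S+) sid=(\d+)")
AUDIT_RE = re.compile(r'audit: sid=(\d+) uid=(\d+) euid=(\d+) cmd="([^"]*)"')

# Assumed allow-list of accounts that are expected to reach root on the array.
ADMIN_USERS = {"pureuser"}


def detect(log_text, admins=ADMIN_USERS):
    """Return alerts as (sid, login_user, rule, cmd) tuples in log order."""
    sessions = {}  # sid -> login user, filled from session-open lines
    alerts = []
    for line in log_text.splitlines():
        m = SESSION_RE.search(line)
        if m:
            sessions[m.group(2)] = m.group(1)
            continue
        m = AUDIT_RE.search(line)
        if not m:
            continue
        sid, uid, euid, cmd = m.group(1), int(m.group(2)), int(m.group(3)), m.group(4)
        user = sessions.get(sid, "?")
        # Indicator: environment variable manipulation inside a shell session.
        if ENV_RE.search(cmd):
            alerts.append((sid, user, "env_manipulation", cmd))
        # Indicator: root privilege acquired from a non-admin login.
        if euid == 0 and uid != 0 and user not in admins:
            alerts.append((sid, user, "root_from_non_admin", cmd))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(*alert)
```

The session map is what makes the second rule useful: the process line that shows euid=0 carries only numeric IDs, so the login account has to be recovered from the session-open event, which is also why the detector must see the login event before the escalation (replay the full day's log rather than a tail when investigating).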

🔗 References

  • Pure Storage advisory for security-bundle-2022-04-04: https://support.purestorage.com/Pure_Security/Security_Bundle_2022-04-04/Security_Advisory_for_%E2%80%9Csecurity-bundle-2022-04-04
  • NVD entry for CVE-2022-32553: https://nvd.nist.gov/vuln/detail/CVE-2022-32553