CVE-2022-32554

9.8 CRITICAL

📋 TL;DR

This vulnerability exposes credentials for Pure Storage FlashArray and FlashBlade management interfaces, potentially allowing attackers with network access to execute arbitrary commands with root privileges. Affected systems include Pure Storage FlashArray running Purity//FA 6.2.0-6.2.3, 6.1.0-6.1.12, 6.0.0-6.0.8, 5.3.0-5.3.17, 5.2.x and prior, and FlashBlade running Purity//FB 3.3.0, 3.2.0-3.2.4, 3.1.0-3.1.12, 3.0.x and prior.

💻 Affected Systems

Products:
  • Pure Storage FlashArray
  • Pure Storage FlashBlade
Versions: Purity//FA: 6.2.0-6.2.3, 6.1.0-6.1.12, 6.0.0-6.0.8, 5.3.0-5.3.17, 5.2.x and prior; Purity//FB: 3.3.0, 3.2.0-3.2.4, 3.1.0-3.1.12, 3.0.x and prior
Operating Systems: Pure Storage Purity OS
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects management interface access; no other Pure Storage products or services are affected.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with root-level access, allowing data theft, destruction, or ransomware deployment across the storage infrastructure.

🟠 Likely Case

Unauthorized access to the management interface leading to configuration changes, data access, or service disruption.

🟢 If Mitigated

Limited impact if management interfaces are properly segmented and access-controlled.

🌐 Internet-Facing: HIGH - Management interfaces exposed to the internet could be directly accessed using the exposed credentials.
🏢 Internal Only: HIGH - Internal attackers or compromised internal systems could use the exposed credentials to gain root access.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires network access to the management interface and knowledge of the exposed credentials.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply security bundle 2022-04-04 or upgrade to unaffected versions: Purity//FA 6.2.4+, 6.1.13+, 6.0.9+, 5.3.18+; Purity//FB 3.3.1+, 3.2.5+, 3.1.13+

Vendor Advisory: https://support.purestorage.com/Pure_Security/Security_Bundle_2022-04-04/Security_Advisory_for_%E2%80%9Csecurity-bundle-2022-04-04

Restart Required: Yes

Instructions:

1. Download security bundle 2022-04-04 from the Pure Storage support portal.
2. Apply it via the self-serve opt-in patch or manual patch application, or upgrade to an unaffected Purity version.
3. Restart affected systems as required.

🔧 Temporary Workarounds

Network Segmentation (applies to: all affected versions)

Restrict access to management interfaces using firewall rules and network segmentation.

Access Control Lists (applies to: all affected versions)

Implement strict IP-based access controls for management interfaces.

🧯 If You Can't Patch

  • Immediately isolate management interfaces from untrusted networks and internet
  • Implement multi-factor authentication and strong access controls for management access

🔍 How to Verify

Check if Vulnerable:

Check the Purity version via the Pure Storage management interface or the CLI command pureversion, and compare it against the affected ranges listed above.

Check Version:

pureversion

Verify Fix Applied:

Verify that the reported Purity version is at or above the fixed release listed above (Purity//FA 6.2.4+, 6.1.13+, 6.0.9+, 5.3.18+; Purity//FB 3.3.1+, 3.2.5+, 3.1.13+), or that security bundle 2022-04-04 has been applied.
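The version comparison described above, as an added helper that is not part of this page or of any Pure Storage tooling: it encodes the affected ranges and fixed releases listed on this page and reports whether a given Purity//FA or Purity//FB version string falls inside them. It assumes the version text (for example, the output of pureversion) contains a dotted major.minor.patch number; version trains the page does not list are reported as not affected, so consult the vendor advisory for anything outside the listed ranges.

```python
import re
from typing import Dict, Tuple

Version = Tuple[int, int, int]
Train = Tuple[int, int]

# Fixed release per affected train, taken from the ranges on this page.
# Anything on a train older than the oldest listed train is affected
# ("5.2.x and prior" for FA, "3.0.x and prior" for FB).
FIXED: Dict[str, Dict[Train, Version]] = {
    "FA": {(6, 2): (6, 2, 4), (6, 1): (6, 1, 13), (6, 0): (6, 0, 9), (5, 3): (5, 3, 18)},
    "FB": {(3, 3): (3, 3, 1), (3, 2): (3, 2, 5), (3, 1): (3, 1, 13)},
}


def parse_version(text: str) -> Version:
    """Extract the first major.minor.patch number from free-form version text.

    Assumption: pureversion (or the GUI) reports a dotted version somewhere
    in its output; the exact surrounding format is not specified on this page.
    """
    match = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not match:
        raise ValueError(f"no major.minor.patch version found in: {text!r}")
    major, minor, patch = (int(x) for x in match.groups())
    return (major, minor, patch)


def is_affected(product: str, version_text: str) -> bool:
    """Return True if the given Purity version is inside the affected ranges.

    product is "FA" (FlashArray, Purity//FA) or "FB" (FlashBlade, Purity//FB).
    """
    fixed_by_train = FIXED[product]
    version = parse_version(version_text)
    train: Train = (version[0], version[1])
    oldest_listed = min(fixed_by_train)
    if train < oldest_listed:
        return True            # "x and prior": every older release is affected
    if train in fixed_by_train:
        return version < fixed_by_train[train]
    return False               # train not listed on this page as affected


if __name__ == "__main__":
    # Constructed sample inputs, not real appliance output.
    for product, text in [("FA", "Purity//FA 6.1.12"), ("FA", "6.2.4"), ("FB", "3.0.7")]:
        state = "AFFECTED" if is_affected(product, text) else "not affected"
        print(f"{product} {text}: {state}")
```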

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized login attempts to management interface
  • Unexpected configuration changes
  • Root-level command execution

Network Indicators:

  • Unusual traffic to management interface ports
  • Connection attempts from unexpected sources

SIEM Query:

source="purestorage" AND (event_type="authentication_failure" OR event_type="privileged_command")
