CVE-2024-0001

10.0 CRITICAL

📋 TL;DR

A local administrative account intended for initial FlashArray configuration remains active after setup, allowing attackers with local access to gain elevated privileges. This affects Pure Storage FlashArray systems running vulnerable Purity versions. Organizations using these storage arrays are at risk.

💻 Affected Systems

Products:
  • Pure Storage FlashArray
Versions: Specific versions not provided in CVE; consult Pure Storage advisory
Operating Systems: Purity OS
Default Config Vulnerable: ⚠️ Yes
Notes: Affects systems where initial configuration account was not properly disabled

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of FlashArray storage system with administrative control over all data, configuration, and connected systems.

🟠 Likely Case

Unauthorized administrative access leading to data theft, configuration changes, or service disruption.

🟢 If Mitigated

Limited impact if proper network segmentation and access controls prevent local access to management interfaces.

🌐 Internet-Facing: LOW (requires local access to management interface)
🏢 Internal Only: HIGH (malicious insider or compromised internal system could exploit)

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Requires local access to the management interface, but is simple to execute once that access is obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Pure Storage advisory for specific fixed versions

Vendor Advisory: https://purestorage.com/security

Restart Required: Yes

Instructions:

1. Review the Pure Storage security advisory.
2. Apply the recommended Purity update.
3. Verify the initial configuration account is disabled.
4. Restart affected systems as required.

🔧 Temporary Workarounds

Disable Initial Configuration Account (applies to: all)

Manually disable the initial configuration account if the patch cannot be applied immediately.

# Consult Pure Storage documentation for account disablement commands

Restrict Management Interface Access (applies to: all)

Limit network access to FlashArray management interfaces.

# Configure firewall rules to restrict access to management IPs/ports

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate FlashArray management interfaces
  • Enable multi-factor authentication and strict access controls for administrative accounts

🔍 How to Verify

Check if Vulnerable:

Check whether the initial configuration account exists and is enabled in the Purity management interface.

Check Version:

# purearray list --version (or equivalent Pure Storage CLI command)

Verify Fix Applied:

Verify that the account is disabled and that the Purity version matches the patched version from the advisory.

📡 Detection & Monitoring

Log Indicators:

  • Unusual login attempts to initial configuration account
  • Administrative actions from unexpected accounts

Network Indicators:

  • Unauthorized access attempts to FlashArray management ports

SIEM Query:

source="flasharray" AND (event_type="login" AND user="initial_config*")
