CVE-2024-0003 – This vulnerability allows a malicious user to e... (How to Fix)

Q: What is the severity of CVE-2024-0003?

CVE-2024-0003 has a CVSS score of 9.1 (CRITICAL). This vulnerability allows a malicious user to exploit a remote administrative service in FlashArray Purity to create unauthorized privileged accounts on the storage array. This affects organizations using vulnerable versions of Pure Storage FlashArray systems. Attackers could gain administrative control over storage infrastructure.

📋 TL;DR

This vulnerability allows a malicious user to exploit a remote administrative service in FlashArray Purity to create unauthorized privileged accounts on the storage array. This affects organizations using vulnerable versions of Pure Storage FlashArray systems. Attackers could gain administrative control over storage infrastructure.

💻 Affected Systems

Products:

Pure Storage FlashArray with Purity operating environment

Versions: Specific versions not provided in reference; consult Pure Storage advisory for exact affected versions.

Operating Systems: Purity OS

Default Config Vulnerable: ⚠️ Yes

Notes: Vulnerability exists in the remote administrative service; default configurations may expose this service.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of storage array with administrative privileges, allowing data theft, destruction, or ransomware deployment across connected systems.

🟠

Likely Case

Unauthorized administrative access leading to data exfiltration, configuration changes, or service disruption.

🟢

If Mitigated

Limited impact if network segmentation and access controls prevent unauthorized access to administrative interfaces.

🌐 Internet-Facing: HIGH if administrative services are exposed to the internet without proper controls.

🏢 Internal Only: HIGH as internal attackers or compromised accounts could exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires access to the administrative service but appears straightforward based on CWE-269 (Improper Privilege Management).

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Specific version not provided; check Pure Storage advisory for patched versions.

Vendor Advisory: https://purestorage.com/security

Restart Required: No

Instructions:

1. Review Pure Storage security advisory for affected versions. 2. Apply the recommended Purity update via Pure Storage support or management interface. 3. Verify the update completes successfully.

🔧 Temporary Workarounds

Restrict Administrative Access

all

Limit network access to FlashArray administrative services to trusted IP addresses only.

Configure firewall rules to restrict access to FlashArray management IP/ports (e.g., 443/TCP) to authorized networks.

Disable Unnecessary Services

all

Disable remote administrative services if not required for operations.

Consult Pure Storage documentation to disable specific administrative services via CLI or GUI.

🧯 If You Can't Patch

Implement strict network segmentation to isolate FlashArray management interfaces from untrusted networks.
Enforce multi-factor authentication and strong access controls for administrative accounts.

🔍 How to Verify

Check if Vulnerable:

Check Purity version against Pure Storage advisory; if running an affected version and administrative services are accessible, system is vulnerable.

Check Version:

From FlashArray CLI: pureversion or from GUI: System > About

Verify Fix Applied:

Verify Purity version is updated to a patched version listed in the Pure Storage advisory.

📡 Detection & Monitoring

Log Indicators:

Unexpected account creation events in FlashArray logs
Unauthorized access attempts to administrative services

Network Indicators:

Unusual traffic to FlashArray administrative ports from untrusted sources

SIEM Query:

Example: source="flasharray" AND (event_type="account_creation" OR auth_failure)

📊 Metadata

CVE ID: CVE-2024-0003

CVSS v3 Score: 9.1 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CWE: CWE-269

Published: September 23, 2024

Last Updated: September 27, 2024

🔗 References

https://purestorage.com/security Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-0003, you might also want to check these:

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Purity\/\/fa by Purestorage

Purity\/\/fa by Purestorage

Purity\/\/fa by Purestorage

Purity\/\/fa by Purestorage

Purity\/\/fa by Purestorage

Purity\/\/fa by Purestorage

Purity\/\/fa by Purestorage

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Restrict Administrative Access

Disable Unnecessary Services

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export

🔗 Related Vulnerabilities