CVE-2024-0005
📋 TL;DR
This vulnerability allows remote attackers to execute arbitrary commands on FlashArray and FlashBlade Purity storage systems by sending specially crafted SNMP configuration data. Attackers could gain full control of affected systems without authentication. Organizations using vulnerable versions of these storage products are affected.
💻 Affected Systems
- Pure Storage FlashArray
- Pure Storage FlashBlade
📦 What is this software?
Purity//fa by Purestorage
Purity//fb by Purestorage
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise allowing data theft, destruction, or ransomware deployment across connected storage infrastructure.
Likely Case
Unauthorized access to storage systems leading to data exfiltration or service disruption.
If Mitigated
Limited impact if SNMP access is restricted to trusted networks and monitored for anomalies.
🎯 Exploit Status
Exploitation requires SNMP access but no authentication; complexity is low once SNMP access is obtained.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check Pure Storage advisory for specific fixed versions
Vendor Advisory: https://purestorage.com/security
Restart Required: Yes
Instructions:
1. Review Pure Storage security advisory for affected versions.
2. Apply recommended Purity OS update.
3. Restart affected storage systems.
4. Verify SNMP functionality post-update.
🔧 Temporary Workarounds
Disable SNMP Service
Temporarily disable SNMP service until patch can be applied
purestorage CLI: purearray snmp disable
purestorage CLI: pureblade snmp disable
Restrict SNMP Access
Limit SNMP access to trusted management networks only
Configure firewall rules to restrict SNMP (UDP 161) to management IPs only
🧯 If You Can't Patch
- Isolate affected storage systems from untrusted networks using firewall rules
- Implement strict network segmentation and monitor SNMP traffic for anomalies
🔍 How to Verify
Check if Vulnerable:
Check Purity OS version against Pure Storage advisory; verify SNMP service status
Check Version:
purestorage CLI: purearray version or pureblade version
Verify Fix Applied:
Confirm Purity OS version is updated to patched version; test SNMP functionality
📡 Detection & Monitoring
Log Indicators:
- Unusual SNMP configuration changes
- Failed SNMP authentication attempts
- Unexpected command execution logs
Network Indicators:
- SNMP traffic from unexpected sources
- Unusual SNMP packet sizes or patterns
SIEM Query:
source="storage_system" AND (event="SNMP_config_change" OR event="command_execution")
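
The "SNMP traffic from unexpected sources" indicator and the "restrict SNMP (UDP 161) to management IPs" workaround can be checked against flow records with a short script. This is an added example, not Pure Storage tooling: the management networks, storage addresses, CSV column names and sample flows are all constructed assumptions to replace with your own.

```python
import csv
import io
import ipaddress

# Assumed addressing plan for illustration; replace with your own.
MGMT_NETS = [ipaddress.ip_network(n) for n in ("10.20.0.0/24", "fd00:20::/64")]
STORAGE_IPS = {ipaddress.ip_address(a) for a in ("10.50.1.10", "10.50.1.11")}
SNMP_PORT = 161

# Constructed sample flow records (not real traffic); column names are assumed.
SAMPLE_FLOWS = """\
src,dst,proto,dport
10.20.0.15,10.50.1.10,udp,161
192.0.2.77,10.50.1.10,udp,161
10.20.0.15,10.50.1.11,tcp,443
198.51.100.9,10.50.1.11,udp,161
not-an-ip,10.50.1.10,udp,161
10.30.4.4,10.99.0.1,udp,161
"""

def unexpected_snmp_sources(flow_csv):
    """Return (alerts, rejects).

    alerts:  (src, dst) pairs for UDP/161 flows that reach a storage address
             from a source outside every management network.
    rejects: rows that could not be parsed, kept for review rather than dropped.
    """
    alerts, rejects = [], []
    for row in csv.DictReader(io.StringIO(flow_csv)):
        try:
            src = ipaddress.ip_address(row["src"])
            dst = ipaddress.ip_address(row["dst"])
            proto = row["proto"].lower()
            dport = int(row["dport"])
        except (ValueError, KeyError, TypeError, AttributeError):
            rejects.append(row)
            continue
        if proto != "udp" or dport != SNMP_PORT or dst not in STORAGE_IPS:
            continue  # not SNMP to a storage system
        # Membership is False when address and network versions differ.
        if not any(src in net for net in MGMT_NETS):
            alerts.append((str(src), str(dst)))
    return alerts, rejects

if __name__ == "__main__":
    found, bad = unexpected_snmp_sources(SAMPLE_FLOWS)
    for src, dst in found:
        print(f"ALERT snmp from unexpected source {src} -> {dst}")
    print(f"{len(bad)} unparseable row(s) need review")
```

Any alert after the firewall restriction is in place means the rule set does not match the intended management allowlist.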