CVE-2023-28373
LOWCVSS 2.7/10EPSS 0.43%
Last modified
CVE-2023-28373 is a low-severity vulnerability rated 2.7/10 on the CVSS scale. A flaw exists in FlashArray Purity whereby an array administrator by configuring an external key manager can affect the availability of data on the system including snapshots protected by SafeMode. . EPSS estimates a 0.43% chance of exploitation in the next 30 days.
Description
A flaw exists in FlashArray Purity whereby an array administrator by configuring an external key manager can affect the availability of data on the system including snapshots protected by SafeMode.
Metrics
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Purestorage | Purity\/\/Fa | >= 6.1.0, <= 6.1.22 |
| Purestorage | Purity\/\/Fa | >= 6.2.0, <= 6.2.15 |
| Purestorage | Purity\/\/Fa | >= 6.3.0, <= 6.3.6 |
| Purestorage | Purity\/\/Fa | 6.4.0 |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2023-28373?
A flaw exists in FlashArray Purity whereby an array administrator by configuring an external key manager can affect the availability of data on the system including snapshots protected by SafeMode.
How severe is CVE-2023-28373?
CVE-2023-28373 has a CVSS score of 2.7/10 (LOW severity). The EPSS model estimates a 0.43% probability of exploitation in the next 30 days.
How do I fix CVE-2023-28373?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Are you affected by CVE-2023-28373?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST