| Vulnerability Status: Final | Source: Pure Storage | Initial Publication Date: 2024-07-17 | Last Updated: 2025-08-12 10:07:57 |
Summary:
A flaw exists in FlashBlade whereby a local account is permitted to authenticate to the management interface using an unintended method that allows an attacker to gain privileged access to the array.
CVE#: CVE-2023-4976
Severity (v3): 1 - Critical
Product(s): FlashBlade
Version First Fixed: Purity//FB 3.3.11, Purity//FB 4.1.9, Purity//FB 4.2.3, Purity//FB 4.3.0, Purity//FB 4.4.0
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-4976