CVE-2024-3057

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Oct 8, 2024

Updated: Oct 10, 2024

CWE ID 269

Summary

CVE-2024-3057 is a critical vulnerability affecting several Pure Storage FlashArray products, including models zS8bHN, zS8bHP, zS8bHO, zS8bHQ, zTkJva, and zTkJvb. The flaw allows attackers to perform specific calls to a FlashArray endpoint, resulting in privilege escalation without requiring user interaction. Its CVSS score of 9.8 indicates that the vulnerability poses significant risks to confidentiality, integrity, and availability, with potential impacts on organizational data security. To mitigate this risk, organizations should apply recommended patches or updates as soon as they are available from Pure Storage. For further details and support regarding this vulnerability, users can refer to the Pure Storage product security page.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Advisories, Assessments, and Mitigations

Back to Vulnerability Database