发布日期：2022-06-23
更新日期：2022-08-18

受影响系统：

Pure Storage Pure Storage FlashArray > 6.2.0
Pure Storage Pure Storage FlashArray > 6.1.0
Pure Storage Pure Storage FlashArray > 6.0.0
Pure Storage Pure Storage FlashArray > 5.3.0
Pure Storage Pure Storage FlashArray <= 5.2.x
Pure Storage Pure Storage FlashArray < 6.2.3
Pure Storage Pure Storage FlashArray < 6.1.12
Pure Storage Pure Storage FlashArray < 6.0.8
Pure Storage Pure Storage FlashArray < 5.3.17
Pure Storage Pure Storage FlashBlade > 3.2.0
Pure Storage Pure Storage FlashBlade > 3.1.0
Pure Storage Pure Storage FlashBlade <= 3.0.x
Pure Storage Pure Storage FlashBlade < 3.2.4
Pure Storage Pure Storage FlashBlade < 3.1.12
Pure Storage Pure Storage FlashBlade 3.3.0

描述：

---

CVE(CAN) ID: CVE-2022-32554

Pure Storage FlashArray和Pure Storage FlashBlade都是美国Pure Storage公司的产品。Pure Storage FlashArray是一种全 QLC 闪存存储阵列。Pure Storage FlashBlade是一个用于文件和对象工作负载的整合存储平台。
Pure Storage FlashArray 6.2.0至6.2.3版本、6.1.0至6.1.12版本、6.0.0至6.0.8版本、5.3.0至5.3.17版本、5.2.x及之前版本、FlashBlade 3.3.0版本、3.2.0至3.2.4版本、3.1.0至3.1.12版本和3.0.x及之前版本存在任意代码执行漏洞。攻击者可利用该漏洞以根权限执行任意命令。

<*链接：https://support.purestorage.com/Pure_Security/Security_Bundle_2022-04-04/Security_Advisory_for_%E2%8
*>

建议：

---

厂商补丁：

Pure Storage
------------
Pure Storage已经为此发布了一个安全公告（2022-04-04）以及相应补丁:
2022-04-04：Security Advisory for security-bundle-2022-04-04
链接：https://support.purestorage.com/Pure_Security/Security_Bundle_2022-04-04/Security_Advisory_for_%E2%8

浏览次数：627
严重程度：0（网友投票）