cve/2024/CVE-2024-0001.md

### [CVE-2024-0001](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0001)
![](https://img.shields.io/static/v1?label=Product&message=FlashArray&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=6.3.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=6.4.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-1188%20Insecure%20Default%20Initialization%20of%20Resource&color=brightgreen)

### Description

A condition exists in FlashArray Purity whereby a local account intended for initial array configuration remains active potentially allowing a malicious actor to gain elevated privileges.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/0xb0rn3/r3cond0g
- https://github.com/ADA-XiaoYao/ADA-XiaoYao-ADA-ZeroDay-Framework-CLI
- https://github.com/GerriaLeSure/cybersecurity-risk-assessment-platform
- https://github.com/Harrywang12/lockdown
- https://github.com/Jimmy-Barrios/EPSS-Scoring
- https://github.com/Mahdi-Assadi/Text_Clustering
- https://github.com/ProjectZeroDays/AI-Driven-Zero-Click-Exploit-Deployment-Framework
- https://github.com/ProjectZeroDays/zero-click-exploits
- https://github.com/RobloxSecurityResearcher/RobloxVulnerabilityCVE-2024-0001
- https://github.com/SV-ZeroOne/cyber-ai-info
- https://github.com/Victorkib/vulnscope
- https://github.com/allensuvorov/vuln-scan-query
- https://github.com/arnoldsimon/cve_project
- https://github.com/arshiyaazizi/Netbaan
- https://github.com/arshiyaazizi/Unique-Vulnerability-Identification-API-
- https://github.com/bendrorr/vulnerability-management
- https://github.com/jiupta/CVE-2024-0001-EXP
- https://github.com/juanpadiaz/Threat-Intel-Hub
- https://github.com/mauvehed/kevvy
- https://github.com/miketigerblue/chroma-curator
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/pgdn-network/pgdn-cve
- https://github.com/shashwat12304/cyber-graph-viz
- https://github.com/zefparis/zero-click-benji