A flaw exists in Purity//FB whereby a local account is permitted to authenticate to the management interface using an unintended method that allows an attacker to gain privileged access to the array.
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.