Hewlett-Packard (HP) released a patch Dec. 20 to cover a remote code execution vulnerability in its StorageWorks Storage Mirroring software.
The software is used to provide host-based replication and failover. Details on the exact cause of the vulnerability were not available. According to an advisory from VUPEN Security, which rated the vulnerability “critical,” the issue is caused by an unknown error that could be exploited to allow remote, unauthenticated attackers to execute code with escalated privilege.
Only HP StorageWorks Storage Mirroring v5 prior to v220.127.116.111.2 is impacted by the bug. According to HP, customers can get protection by downloading StorageWorks Storage Mirroring v18.104.22.1681.2.
“HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin,” according to the HP advisory. “HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action.”