HP StorageWorks Storage Mirroring software version 4.5 SP1 contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code with elevated privileges.
The vulnerability exists due to insufficient bounds checking when handling user-supplied input submitted as part of the authentication sequence. An unauthenticated, remote attacker could exploit this vulnerability by sending a malicious authentication request that is designed to corrupt system memory in an exploitable manner. If successful an attacker could gain the ability to execute arbitrary code with elevated privileges.
Functional exploit code that exploits the buffer overflow in the authentication mechanism is available.
HP confirmed this vulnerability in a support document and released updated software.