10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.859 High
EPSS
Percentile
98.5%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP LeftHand Virtual SAN Appliance. Authentication is not required to exploit this vulnerability. The flaw exists within the dbd_manager component which receives messages via the hydra process. This process listens on TCP port 13841. The dbd_manager uses the libens library for unmarshalling received messages, among other things. During the unmarshalling process an undersized allocation occurs followed by a copy of data to this region. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the root user.