HP is working on a patch for security vulnerability that enables remote illegal access to its StoreVirtual enterprise products.
According to the firm, the backdoor flaw enables HP support to access the core in-built operating system (OS), LeftHand OS, which cannot be accessed by the end user, while some access is offered via the HP StoreVirtual Command-Line Interface (CLiQ).
The flaw is said to be security hole and anyone with an account username and password provided for backdoor access can access the systems and the operating system.
HP issued an advisory that all HP StoreVirtual Storage systems are equipped with a mechanism that allows HP support to access the underlying operating system if permission and access is provided by the customer.
"This functionality cannot be disabled today," the advisory noted.
The vulnerability affects HP products including StoreOnce D2D Backup platforms running software version 2.2.17 or older and 1.2.17 or older, while releasing updates, 2.2.18 and 1.2.18.
The patch would help users that need to upgrade their HP StoreVirtual systems.
"HP Support may still request root access to customer systems in order to resolve certain support issues," HP said.