Enomaly ECP versions up to and including 3.0.4 are believed to contain an insecure silent update mechanism that could allow a remote attacker to execute arbitrary code as root, and to inject or modify VM workloads for execution within user environment or to replay older, insecure workloads. Both the Enomaly ECP implementation and the VMcasting protocol itself are believed to be vulnerable.
e16285c2f1ba9ebc8fd42584526dc51cf5c5ff2063e048b6d25545b604a2ead0