HPE Patched Critical Zero-Day in Server Management Software

HPE (Hewlett Packard Enterprise) has recently disclosed a critical zero-day bug in one of the latest versions of its proprietary HPE Systems Insight Manager (SIM) software for Windows and Linux. Security updates are not yet available for the remote code execution vulnerability, so HPE has provided mitigations for Windows while it works on addressing the zero-day.

HPE SIM is a management and remote support automation solution for various HPE servers, storage, and networking products, including but not limited to HPE ProLiant Gen10 and HPE ProLiant Gen9 servers.

RCE vulnerability

The vulnerability, tracked as CVE-2020-7200, was reported by Harrison Neal through Trend Micro's Zero Day Initiative; it affects HPE Systems Insight Manager (SIM) 7.6.x.

According to HPE's report, this is a critical vulnerability that allows attackers with no privileges to exploit it in low-complexity attacks that require no user interaction.

However, HPE did not reveal in its security advisory whether the zero-day bug has been exploited in the wild. The experts stated that the vulnerability is caused by a lack of proper validation of user-supplied data.

This results in the deserialization of untrusted data, making it possible for threat actors to leverage it to execute code on servers that are running the vulnerable software.

Mitigations

HPE strongly recommends that all admins who use the HPE SIM management software apply the following procedure to block CVE-2020-7200 attacks:

  • Initially, stop HPE SIM Service.
  • After that, delete the C:\Program Files\HP\Systems Insight Manager\jboss\server\hpsim\deploy\simsearch.war file from the SIM installed path:
    del /Q /F "C:\Program Files\HP\Systems Insight Manager\jboss\server\hpsim\deploy\simsearch.war"
  • Now, restart HPE SIM Service.
  • After performing all the above-mentioned steps, wait for the HPE SIM web page “https://SIM_IP:50000” to be available and run the following command from a command prompt:
    mxtool -r -f tools\multi-cms-search.xml 1>nul 2>nul
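
The four steps above as one idempotent PowerShell script, with a timeout on the wait and a final check that the file is gone. This is an added example, not HPE's own code. Assumptions: the operator supplies the Windows service name, page availability is approximated by a TCP check on port 50000, and mxtool is on the PATH with the relative path resolving from the current directory.

```powershell
# Added example: applies the CVE-2020-7200 mitigation steps listed above.
# Assumptions (not from the page): the service name is supplied by the operator,
# and "web page available" is approximated by a TCP connect to port 50000.
param(
    [Parameter(Mandatory)] [string] $ServiceName,  # HPE SIM Windows service name on this host
    [string] $WarPath = 'C:\Program Files\HP\Systems Insight Manager\jboss\server\hpsim\deploy\simsearch.war',
    [string] $SimHost = 'localhost',
    [int]    $TimeoutSeconds = 900
)
$ErrorActionPreference = 'Stop'

# Step 1: stop the HPE SIM service so the deploy directory is not in use.
Stop-Service -Name $ServiceName -Force

# Step 2: delete simsearch.war. A missing file is not an error: the mitigation
# may already have been applied, or SIM may be installed under another path.
if (Test-Path -LiteralPath $WarPath) {
    Remove-Item -LiteralPath $WarPath -Force
} else {
    Write-Warning "simsearch.war not found at '$WarPath' (already removed, or different install path)."
}

# Step 3: restart the service.
Start-Service -Name $ServiceName

# Step 4a: wait until the SIM web port answers, giving up after the timeout.
$deadline = (Get-Date).AddSeconds($TimeoutSeconds)
while (-not (Test-NetConnection -ComputerName $SimHost -Port 50000 `
             -InformationLevel Quiet -WarningAction SilentlyContinue)) {
    if ((Get-Date) -gt $deadline) {
        throw "HPE SIM did not open port 50000 within $TimeoutSeconds seconds."
    }
    Start-Sleep -Seconds 15
}

# Step 4b: run the mxtool command from the procedure, discarding its output
# as the original "1>nul 2>nul" does.
& mxtool -r -f 'tools\multi-cms-search.xml' *> $null

# Final check: fail loudly if the file is still (or again) present.
if (Test-Path -LiteralPath $WarPath) {
    throw "simsearch.war is still present at '$WarPath'; mitigation not in effect."
}
Write-Output "Mitigation applied: simsearch.war absent, SIM listening on ${SimHost}:50000."
```

Run it from an elevated PowerShell session on the SIM server.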

Apart from this, the mitigation given by HPE stops the remote code execution vulnerability, and a complete fix will be available in a future release. Moreover, HPE SIM users will be unable to use the federated search feature.


Balaji N
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.