HPE Patched Critical zero-day in server Management Software

HPE (Hewlett Packard Enterprise) has recently published a critical zero-day bug in one of the latest versions of its exclusive HPE Systems Insight Manager (SIM) software for Windows and Linux. However, all the security updates are not yet available for the remote code execution; that’s why HPE has implemented some mitigations for Windows that are working on the Zero-day address.

HPE SIM is a superintendence and remote support automation resolution for various HPE servers, storage, and networking commodities, but all these are not limited to HPE ProLiant Gen10 and HPE ProLiant Gen9 Servers. 

RCE vulnerability

The vulnerability, named CVE-2020-7200, is reported by Harrison Neal through Trend Micro’s Zero Day Initiative; this vulnerability also affects the HPE Systems Insight Manager (SIM) 7.6.x.

According to HPE report, this vulnerability is one of the critical vulnerabilities that generally enables the attackers with no privileges to exploit it as part of cheap complexity attacks that don’t even need any user communication.

But, HPE did not reveal in their security advisory that whether the zero-day bug is exploited in the wild or not. The experts stated that the reason for causing this vulnerability is the lack of fitting validation of user-supplied0 data.

However, all this results in the deserialization of untrusted data and making it possible for the threat actors to leverage it to administer code on servers that are running vulnerable software.

Mitigations

HPE strongly recommended all the admins who use HPE SIM management software to use the following method to block CVE-2020-7200 attacks:-

  • Initially, stop HPE SIM Service.
  • After that, delete C:Program FilesHPSystems Insight Managerjbossserverhpsimdeploysimsearch.war file from sim installed path del /Q /F C:Program FilesHPSystems Insight Managerjbossserverhpsimdeploysimsearch.war
  • Now, restart HPE SIM Service.
  • After performing all the above-mentioned steps, wait for the HPE SIM web page “https://SIM_IP:50000” to be available and administer the following command from a command prompt. mxtool -r -f toolsmulti-cms-search.xml 1>nul 2>nul

Apart from this, the mitigations that are given by HPE are a perfect fix that stops the remote code execution vulnerability, and it will be available in a future release. Moreover, the users who are using the HPE SIM will be incapable of using the federated search feature.

You can follow us on LinkedinTwitterFacebook for daily Cyber security and hacking news updates.

LEAVE A REPLY

Please enter your comment!
Please enter your name here