You are currently viewing Critical Zero-Day in HPE Systems Insight Manager Revealed

Critical Zero-Day in HPE Systems Insight Manager Revealed

Hewlett Packard Enterprise recently revealed a security flaw in its Systems Insight Manager software. This zero-day bug resides in the recent versions of the server software and is reportedly unpatched. Servers running the affected software are liable to Remote Code Execution.


HPE SIM is a software that facilitates automated hardware management covering an expansive range of HPE servers, networking, and storage products. These servers include the HPE ProLiant Gen9 and Gen10 Servers.

This zero-day bug, tracked as CVE-2020-7200, has been evaluated to be of critical severity with a score of 9.8. According to the security bulletin published by HPE, the vulnerability arises due to improper input validation in the “Federated Search” and “Federated CMS Configuration” features. Thus, an attacker can target the logic of the Action Message Format (AMF) deserializer while processing untrusted data to subsequently pull off code execution. The exploitation of this flaw involves attacks with low complexity and does not need user interaction.


Affected Software
HPE Systems Insight Manager (SIM) 7.6.x on Windows and Linux operating systems.


Impact
An unauthenticated, remote attacker could effect a code execution on the servers hosting the vulnerable software.


Solution
At the time of writing, no fix is available. Besides, HPE has stated that the vulnerability will be patched in a future release. However, HPE recommends Windows users to follow certain mitigation steps. These steps serve as a temporary measure against attacks and are as follows:

  • Stop HPE SIM Service
  • Delete <C:Program FilesHPSystems Insight Managerjbossserverhpsimdeploysimsearch.war> file from sim installed path del /Q /F C:Program FilesHPSystems Insight Managerjbossserverhpsimdeploysimsearch.war
  • Restart HPE SIM Service
  • Wait for HPE SIM web page “https://SIM_IP:50000” to be accessible and execute the following command from the command prompt. mxtool -r -f toolsmulti-cms-search.xml 1>nul 2>nul

Subscribe For More Posts Like This

Get the latest research, best practices, industry trends and cybersecurity blogs from SecPod security experts

Invalid email address
We promise not to spam you. You can unsubscribe at any time.
0 0 votes
Article Rating
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments