Critical Zero-Day in HPE Systems Insight Manager Revealed

Dec 16, 2020 | By Nitish B | 2 min read

Hewlett Packard Enterprise recently revealed a security flaw in its Systems Insight Manager (SIM) software. This zero-day bug resides in recent versions of the server software and is reportedly unpatched. Servers running the affected software are exposed to remote code execution. A vulnerability management solution can help detect this vulnerability.

However, a patch management solution is required to mitigate or patch the vulnerability.

HPE SIM is software that facilitates automated hardware management covering an expansive range of HPE servers, networking, and storage products. These servers include the HPE ProLiant Gen9 and Gen10 Servers.

This zero-day bug, tracked as CVE-2020-7200, is rated critical with a score of 9.8. According to the security bulletin published by HPE, the vulnerability arises from improper input validation in the “Federated Search” and “Federated CMS Configuration” features. An attacker can therefore target the logic of the Action Message Format (AMF) deserializer as it processes untrusted data and achieve code execution. Exploitation is low in complexity and requires no user interaction.

Affected Software

HPE Systems Insight Manager (SIM) 7.6.x on Windows and Linux operating systems.

Impact
An unauthenticated, remote attacker could execute code on the servers hosting the vulnerable software.

Solution
At the time of writing, no fix is available. HPE has stated that the vulnerability will be patched in a future release. In the meantime, HPE recommends that Windows users follow the mitigation steps below, which serve as a temporary measure against attacks:

  • Stop the HPE SIM service.
  • Delete the file C:\Program Files\HP\Systems Insight Manager\jboss\server\hpsim\deploy\simsearch.war from the SIM installation path:
      del /Q /F "C:\Program Files\HP\Systems Insight Manager\jboss\server\hpsim\deploy\simsearch.war"
  • Restart the HPE SIM service.
  • Wait for the HPE SIM web page “https://SIM_IP:50000” to be accessible, then execute the following command from the command prompt:
      mxtool -r -f tools\multi-cms-search.xml 1>nul 2>nul
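
To confirm on a given Windows host that the mitigation above is in place, the following PowerShell check can be used. It is an added example, not part of HPE's bulletin or the original post; the function name, parameter names and status strings are hypothetical, and the default install root is the path quoted in the steps above.

```powershell
# Added example: audit whether simsearch.war has been removed on this host.
# Function name, parameters and status values are hypothetical (not HPE tooling).
function Test-SimSearchMitigation {
    [CmdletBinding()]
    param(
        # Default taken from the path in the mitigation steps; adjust if SIM lives elsewhere.
        [string]$InstallRoot = 'C:\Program Files\HP\Systems Insight Manager',
        [int]$WebPort = 50000
    )

    $deployDir = Join-Path $InstallRoot 'jboss\server\hpsim\deploy'
    $warPath   = Join-Path $deployDir 'simsearch.war'

    if (-not (Test-Path -LiteralPath $deployDir -PathType Container)) {
        # No deploy directory: SIM is not installed here, or is under another root.
        return [pscustomobject]@{
            Computer = $env:COMPUTERNAME; Status = 'NotInstalled'
            WarPresent = $false; WebPortOpen = $null; WarPath = $warPath
        }
    }

    $warPresent = Test-Path -LiteralPath $warPath

    # The steps end with the SIM web page on port 50000 being reachable again,
    # so report whether something is listening locally on that port.
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $portOpen = $client.ConnectAsync('127.0.0.1', $WebPort).Wait(2000) -and $client.Connected
    } catch {
        $portOpen = $false   # refused or unreachable
    } finally {
        $client.Close()
    }

    [pscustomobject]@{
        Computer    = $env:COMPUTERNAME
        Status      = if ($warPresent) { 'MitigationMissing' } else { 'MitigationApplied' }
        WarPresent  = $warPresent
        WebPortOpen = $portOpen
        WarPath     = $warPath
    }
}

Test-SimSearchMitigation | Format-List
```

A result of MitigationMissing only means the WAR file is still deployed; whether the host runs an affected 7.6.x release has to be checked separately.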
