CVE-2020-7200: Critical HPE Vulnerability Now Patched

A critical vulnerability in HEP SIM could enable attackers to carry out remote code execution attacks, without the need of user interaction.

The vulnerability has been assigned the CVE-2020-7200 number, and was originally disclosed in December 2020. Fortunately, the critical zero-day has now been fixed.

What is HPE SIM? The software tool enables remote support automation and management for various HPE servers, such as HPE ProLiant Gen10 and HPE ProLiant Gen9, and storage and networking products. Following the fix, the company updated the original security advisory. It should be noted that, about a month ago, HPE issued a hotfix that could resolve the security issue.

More about CVE-2020-7200

According to the official advisory, “a potential security vulnerability has been identified in HPE Systems Insight Manager (SIM) version 7.6. The vulnerability could be exploited to allow remote code execution.”

According to Packet Storm, the flaw is triggered by a failure to validate data during the deserialization process when a user submits a POST request to the /simsearch/messagebroker/amfsecure page. “This module exploits this vulnerability by leveraging an outdated copy of Commons Collection, namely 3.2.2, that ships with HPE SIM, to gain remote code execution as the administrative user running HPE SIM,” Packet Storm explained.

A workaround is also available for users that, for some reason, cannot update their vulnerable systems immediately. The company has provided mitigation tricks for systems prior to the Hotfix Update Kit which was issued on April 20:

1.Stop HPE SIM Service
2.Delete file from sim installed path del /Q /F C:\Program Files\HP\Systems Insight Manager\jboss\server\hpsim\deploy\simsearch.war
3.Restart the HPE SIM Service
4.Wait for HPE SIM web page “https://SIM_IP:50000” to be accessible and execute the following command from command prompt: mxtool -r -f tools\multi-cms-search.xml 1>nul 2>nul

However, it should be noted that HPE SIM users won’t be capable of deploying the federated search feature, if they apply the workaround.

In 2018, ransomware hit thousands of HPE Integrated Lights-Out 4 interfaces (HPE iLO 4). These interfaces provide access to HP Enterprise servers and their remote control. The ransomware encrypted the hard drives of the servers and then demanded Bitcoins as a ransom to restore the files within the drives. A security researcher that goes by the twitter handle @M_Shahpasandi was the first to discover the attack.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me: