HPE Patches the Zero-Day Vulnerabiity in Systems Insight Manager Software for Windows

 

Hewlett Packard Enterprise (HPE) has released a security update to patch critical zero-day remote code execution (RCE) vulnerability in its HPE Systems Insight Manager (SIM) software for Windows that it initially revealed in December 2020.

HPE updated its original security advisory on Wednesday. However, the SIM hotfix update kit which resolves the flaw was published more than a month ago, on April 20. HPE SIM is a management and remote support automation tool for Windows and Linux intended to be used with the company’s servers, storage, and networking products, including the HPE ProLiant Gen10 and HPE ProLiant Gen9. 

Security researchers labeled the flaw (CVE-2020-7200) as an ‘extremely high-risk’ flaw. It allows attackers with no privileges to remotely execute the code and is commonly found in the latest versions (7.6.x) of HPE’s SIM software and specifically targets the Windows version. This bug allows low-complexity attacks that don’t require user interaction.

“This module exploits this vulnerability by leveraging an outdated copy of Commons Collection, namely 3.2.2, that ships with HPE SIM, to gain remote code execution as the administrative user running HPE SIM,” according to Packet Storm. The lack of proper validation of user-supplied data can lead to the deserialization of untrusted data, enabling attackers to execute code on servers running vulnerable SIM software.

HPE has released a security advisory for the system admins who are unable to deploy the CVE-2020-7200 security update on vulnerable systems. To safeguard your devices, HPE has provided mitigation measures that involve removing the “Federated Search” & “Federated CMS Configuration” features that allowed the vulnerability.

System admins who use the HPE SIM management software have to use the following procedure to block CVE-2020-7200 attacks: 

1. Stop HPE SIM Service 

2. Delete file from sim installed path del /Q /F C:Program FilesHPSystems Insight Managerjbossserverhpsimdeploysimsearch.war 

3. Restart HPE SIM Service

4. Wait for HPE SIM web page “https://SIM_IP:50000” to be accessible and execute the following command from command prompt. mxtool -r -f toolsmulti-cms-search.xml 1>nul 2>nul

By following the above procedures system admins can be prevented from being exploited by potential attackers, it will also mean that HPE SIM users can no longer use the federated search feature.

If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below.

Original Source