Zero-day vulnerability in Hewlett Packard Enterprise management software

Hewlett Packard Enterprise (HPE) security teams released a report related to a recently found zero-day remote code execution vulnerability in the latest versions of HPE Systems Insight Manager (SIM) for Windows and Linux systems. The flaw has not yet been fixed, so users of affected versions will need to resort to a temporary solution.

HPE SIM is a remote support and management automation solution for multiple HPE servers, storage, and network products including HPE ProLiant Gen10 and HPE ProLiant Gen9 servers.

La imagen tiene un atributo ALT vacío; su nombre de archivo es HPE16122020.jpg

As some users will remember, zero-day flaws are publicly disclosed vulnerabilities that affected development providers have failed to fix and have even been exploited in the wild.

The flaw, tracked as CVE-2020-7200, resides in HPE SIM 7.6 and received a score of 9.8/10 according to the Common Vulnerability Scoring System (CVSS). Successful exploitation would allow a non privileged attacker to execute malicious code on servers running vulnerable software.

According to the report, the vulnerability is the result of the lack of adequate validation of user-provided data that can result in the deserialization of unverified data, allowing hackers to complete the attack. At the moment only one temporary solution is known for Windows systems, so HPE SIM users on Linux will have to wait for the release of the corresponding updates.

Flaw mitigation requires disabling the “federated search” and “federated CMS configuration” features. The steps to deploy the workaround are shown below:

  • Stop HPE SIM service
  • Delete the file C:-Program Files-HP-Systems Insight Manager-jboss-server-hpsim-deploy-simsearch.war from the installation path of the /Q /F C:-Program Files-HP-Systems Insight Manager-jboss-server-hpsim-deploy-simsearch.war
  • Restart HPE SIM service
  • Wait for the HPE SIM web page “https: // SIM_IP:50000” to be accessed and run the following command from a command prompt. mxtool -r -f tools ? multi-cms-search.xml 1> nul 2> nul

Remember that this is a workaround, so you’ll need to install the required updates as soon as they’re available.