In the latest developments, Hewlett Packard Enterprise (HPE) has released a security update that addresses a zero-day vulnerability in its Systems Insight Manager (SIM) software when it was disclosed back in December 2020.
HPE zero-day in SIM software:
HPE Systems Insight Manager is a proprietary systems management tool designed to help manage Hewlett Packard Enterprise servers like HPE’s ProLiant Gen10 and ProLiant Gen9 servers.
Detailing the zero-day, it was found that the bug, tracked as CVE-2020-7200, is a remote code execution vulnerability that was impacting the latest version of Hewlett Packard Enterprise’s proprietary Systems Insight Manager (SIM) software.
Even though this zero-day impacts the attest i.e 7.6.x variants of the SIM software, it impacts only the Windows version.
The HPE zero-day has been rated a critical 9.8/10 on a severity scale as it facilitates the malicious entities with the ability to exploit the vulnerability in lenient attacks without any privileges or user interaction.
This critical zero-day is a result of insufficient validation of user-supplied data which subsequently fabricates deserialization of untrusted data.
This enables attackers to execute code on the vulnerable SIM software servers.
While the security advisory was released this week, the SIM hotfix update was issued in April itself.
Mitigating without hotfix by HPE:
For the servers that cannot patch the hotfix immediately, a mitigation provision has also been disclosed by the software enterprise for the zero-day.
Here, HPE instructs admins to disable the “Federated Search” and “Federated CMS Configuration” features to eliminate the attack medium.
System admins who use this SIM management software have to use the following procedure to curb this zero-day attacks:
- Stop the HPE SIM Service
- Delete C:\Program Files\HP\Systems Insight Manager\jboss\server\hpsim\deploy\simsearch.war file from sim installed path del /Q /F C:\Program Files\HP\Systems Insight Manager\jboss\server\hpsim\deploy\simsearch.war
- Restart the HPE SIM Service
- Wait for the HPE SIM web page “https://SIM_IP:50000” to be accessible and execute the following command from a command prompt: mxtool -r -f tools\multi-cms-search.xml 1>nul 2>nul