HPE fixes critical zero-day vulnerability disclosed in December
Hewlett Packard Enterprise has released a security update to address a zero-day remote code execution vulnerability in the HPE Systems Insight Manager software that was disclosed in December last year.
HPE SIM is a remote support automation and management solution for HPE servers, storage, and networking products, including HPE's ProLiant Gen10 and ProLiant Gen9 servers.
The RCE vulnerability tracked as CVE-2020-7200 was found in the latest versions of HPE's proprietary Systems Insight Manager software, and it ONLY affects the Windows version.
HPE rated the bug as a critical-severity security flaw because it allows attackers with no privileges to exploit it in low-complexity attacks that don't require user interaction.
Wait for the HPE SIM web page "https://SIM IP:50000" to be accessible, then execute the following command from a command prompt: mxtool -r -f toolsmulti-cms-search.
Once the mitigation measures are taken, HPE SIM users will no longer be able to use the federated search feature.
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-12-18 | CVE-2020-7200 | Unspecified vulnerability in HP Systems Insight Manager 7.6: A potential security vulnerability has been identified in HPE Systems Insight Manager (SIM) version 7.6. | 7.5 |