HPE fixes critical zero-day vulnerability disclosed in December
2021-05-27 13:15

Hewlett Packard Enterprise has released a security update to address a zero-day remote code execution vulnerability in its HPE Systems Insight Manager (SIM) software that was disclosed in December of last year.

HPE SIM is a remote support automation and management solution for HPE servers, storage, and networking products, including HPE's ProLiant Gen10 and ProLiant Gen9 servers.

The RCE vulnerability tracked as CVE-2020-7200 was found in the latest versions of HPE's proprietary Systems Insight Manager software, and it ONLY affects the Windows version.

HPE rated the bug as a critical-severity security flaw because it allows attackers with no privileges to exploit it in low-complexity attacks that don't require user interaction.

Wait for the HPE SIM web page "Https://SIM IP:50000" to be accessible and execute the following command from a command prompt: mxtool -r -f toolsmulti-cms-search.

Once the mitigation measures are taken, HPE SIM users will no longer be able to use the federated search feature.


News URL

https://www.bleepingcomputer.com/news/security/hpe-fixes-critical-zero-day-vulnerability-disclosed-in-december/

Related Vulnerability

DATE | CVE | VULNERABILITY TITLE | RISK
2020-12-18 | CVE-2020-7200 | Unspecified vulnerability in HP Systems Insight Manager 7.6. A potential security vulnerability has been identified in HPE Systems Insight Manager (SIM) version 7.6. (network, low complexity, hp, critical) | 9.8

Related vendor

VENDOR | LAST 12M | #/PRODUCTS | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS
HPE | | 172 | 0 | 45 | 78 | 18 | 141