{"id":17869,"date":"2020-12-18T00:10:00","date_gmt":"2020-12-17T23:10:00","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=17869"},"modified":"2020-12-17T19:11:19","modified_gmt":"2020-12-17T18:11:19","slug":"kritische-0-day-schwachstelle-in-hpe-systems-insight-manager-sim-7-6-x","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2020\/12\/18\/kritische-0-day-schwachstelle-in-hpe-systems-insight-manager-sim-7-6-x\/","title":{"rendered":"Critical 0-day vulnerability in HPE Systems Insight Manager (SIM) 7.6.x"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline\" src=\"https:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2015\/01\/Schutz.jpg\" width=\"40\" align=\"left\" height=\"47\">[<a href=\"https:\/\/www.borncity.com\/blog\/2020\/12\/17\/kritische-0-day-schwachstelle-in-hpe-systems-insight-manager-sim-7-6-x\/\" target=\"_blank\" rel=\"noopener\">German<\/a>]Hewlett Packard Enterprise (HPE) has issued a security advisory. There is a critical vulnerability (0-day bug) in HPE Systems Insight Manager (SIM) that affects Linux and Windows versions. <\/p>\n<p><!--more--><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" alt=\"\" src=\"https:\/\/vg05.met.vgwort.de\/na\/7857744df4684cf283b988cff39ffb4b\" width=\"1\" height=\"1\">I recently came across <a href=\"https:\/\/twitter.com\/BleepinComputer\/status\/1339222698078199808\" target=\"_blank\" rel=\"noopener\">this tweet<\/a> from my colleagues at Bleeping Computer, who <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/hpe-discloses-critical-zero-day-in-server-management-software\/\" target=\"_blank\" rel=\"noopener\">point out<\/a> the 0-day vulnerability in HPE's server management software.&nbsp; <\/p>\n<p><a href=\"https:\/\/twitter.com\/BleepinComputer\/status\/1339222698078199808\" target=\"_blank\" rel=\"noopener\"><img decoding=\"async\" title=\"0-Day vulnerability in HPE Server Management-Software\" alt=\"0-Day vulnerability in HPE Server Management-Software\" src=\"https:\/\/i.imgur.com\/Kzsla3h.png\"><\/a><\/p>\n<p><a href=\"https:\/\/buy.hpe.com\/us\/en\/software\/infrastructure-management-software\/insight-foundation-software\/insight-foundation-server-management-suites\/hpe-systems-insight-manager-sim\/p\/489496\" target=\"_blank\" rel=\"noopener\">HPE SIM<\/a> is an automation solution for management and remote support for multiple HPE servers, storage, and networking products, including but not limited to HPE ProLiant Gen10 and HPE ProLiant Gen9 servers. A zero-day bug exists in the latest versions of HPE Systems Insight Manager (SIM) for Windows and Linux. The vulnerability, registered as CVE-2020-7200, affects HPE Systems Insight Manager (SIM) 7.6.x.<\/p>\n<p>The RCE vulnerability was reported by Harrison Neal via Trend Micro's Zero Day Initiative and is rated critical by HPE. CVE-2020-7200 allows attackers without privileges to perform low-complexity attacks that do not require user interaction. The vulnerability results from the lack of proper validation of user-supplied data. This can lead to the deserialization of untrusted data. This allows an attacker to exploit the vulnerability to execute code on servers running the vulnerable software version.erm\u00f6glicht dies, die Schwachstelle auszunutzen, um Code auf Servern auszuf\u00fchren, auf denen die anf\u00e4llige Software-Version l\u00e4uft.<\/p>\n<p>0-Day means there are no security updates yet for this remote code execution (RCE). HPE did not disclose in the security advisory whether the zero-day bug is also being exploited in the wild. HPE <a href=\"https:\/\/support.hpe.com\/hpesc\/public\/docDisplay?docLocale=en_US&amp;docId=hpesbgn04068en_us\" target=\"_blank\" rel=\"noopener\">has provided<\/a> mitigation information for Windows in this security advisory and is working to fix the zero-day. <\/p>\n","protected":false},"excerpt":{"rendered":"<p>[German]Hewlett Packard Enterprise (HPE) has issued a security advisory. There is a critical vulnerability (0-day bug) in HPE Systems Insight Manager (SIM) that affects Linux and Windows versions.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[580,1547],"tags":[69,1544],"class_list":["post-17869","post","type-post","status-publish","format-standard","hentry","category-security","category-software","tag-security","tag-software"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/17869","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=17869"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/17869\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=17869"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=17869"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=17869"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}