HPE (Hewlett Packard Enterprise) has recently disclosed a critical zero-day vulnerability in one of the latest versions of its proprietary HPE Systems Insight Manager (SIM) software for Windows and Linux. Security updates for the remote code execution flaw are not yet available, so HPE has provided mitigations for Windows that address the zero-day.
HPE SIM is a management and remote support automation solution for various HPE servers, storage, and networking products, including but not limited to HPE ProLiant Gen10 and HPE ProLiant Gen9 servers.
RCE vulnerability
The vulnerability, tracked as CVE-2020-7200, was reported by Harrison Neal through Trend Micro’s Zero Day Initiative; it affects HPE Systems Insight Manager (SIM) 7.6.x.
According to HPE's report, this is a critical vulnerability that allows attackers with no privileges to exploit it as part of low-complexity attacks…