CVE-2020-7200

9.8 CRITICAL

📋 TL;DR

CVE-2020-7200 is a critical remote code execution vulnerability in HPE Systems Insight Manager (SIM) version 7.6, caused by insecure AMF deserialization. Attackers can exploit this to execute arbitrary code on affected systems. Organizations running HPE SIM 7.6 are affected.

💻 Affected Systems

Products:
  • HPE Systems Insight Manager (SIM)
Versions: 7.6
Operating Systems: Windows, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of HPE SIM 7.6 are vulnerable regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise allowing attackers to install malware, steal sensitive data, pivot to other systems, and maintain persistent access.

🟠 Likely Case

Remote code execution leading to data theft, system manipulation, and potential ransomware deployment.

🟢 If Mitigated

Limited impact if systems are isolated, patched, or have strict network controls preventing exploitation attempts.

🌐 Internet-Facing: HIGH - Remote exploitation without authentication makes internet-facing systems extremely vulnerable.
🏢 Internal Only: HIGH - Even internal systems are at high risk due to unauthenticated remote exploitation capability.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public exploit code exists and exploitation requires no authentication, making this easily weaponizable.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Update to HPE SIM version 7.6.1 or later

Vendor Advisory: https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn04068en_us

Restart Required: Yes

Instructions:

1. Download the patch from HPE Support Portal.
2. Back up the current configuration.
3. Apply the patch following HPE's installation guide.
4. Restart the HPE SIM service.

🔧 Temporary Workarounds

Network Isolation

all

Restrict network access to HPE SIM to only trusted management networks

Use firewall rules to block external access to HPE SIM ports (typically 50000-50050)

Disable Unnecessary Services

all

Disable AMF deserialization endpoints if not required

Consult HPE documentation for specific service disablement procedures

🧯 If You Can't Patch

  • Immediately isolate affected systems from the internet and untrusted networks
  • Implement strict network segmentation and monitor for exploitation attempts
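An added example, not part of the original page or of HPE's tooling: a Python check that audits flow records for connections to the HPE SIM port range (50000-50050, the range this page lists as typical) from sources outside the trusted management networks. The trusted network, the SIM host address, the log format and the sample records are all constructed assumptions.

```python
import ipaddress

# Assumption: the management network allowed to reach HPE SIM (constructed value).
TRUSTED_NETS = [ipaddress.ip_network("10.20.0.0/24")]
# Port range this page gives as typical for HPE SIM.
SIM_PORTS = range(50000, 50051)
# Assumption: address of the HPE SIM server (constructed value).
SIM_HOSTS = {ipaddress.ip_address("10.30.0.5")}

# Constructed flow records: "timestamp src_ip dst_ip dst_port action"
SAMPLE_FLOWS = """\
2024-01-01T10:00:00Z 10.20.0.15 10.30.0.5 50000 ACCEPT
2024-01-01T10:00:07Z 192.0.2.44 10.30.0.5 50000 ACCEPT
2024-01-01T10:01:12Z 198.51.100.9 10.30.0.5 50014 DROP
2024-01-01T10:02:30Z 192.0.2.44 10.30.0.5 443 ACCEPT
this line is malformed
2024-01-01T10:03:02Z 10.20.0.200 10.30.0.5 50050 ACCEPT
"""

def audit_flows(text, sim_hosts=SIM_HOSTS, nets=TRUSTED_NETS):
    """Return (findings, skipped) for flows to SIM ports from untrusted sources."""
    findings, skipped = [], 0
    for line in text.splitlines():
        try:
            ts, src, dst, port, action = line.split()
            src_ip = ipaddress.ip_address(src)
            dst_ip = ipaddress.ip_address(dst)
            port = int(port)
        except ValueError:  # wrong field count, bad address or bad port
            skipped += 1
            continue
        if dst_ip not in sim_hosts or port not in SIM_PORTS:
            continue
        if any(src_ip in net for net in nets):
            continue
        # ACCEPT means the isolation rule failed; DROP is a blocked attempt to review.
        severity = "exposed" if action == "ACCEPT" else "blocked-attempt"
        findings.append((ts, str(src_ip), port, severity))
    return findings, skipped

if __name__ == "__main__":
    hits, bad = audit_flows(SAMPLE_FLOWS)
    for hit in hits:
        print(*hit)
    print(f"{len(hits)} finding(s), {bad} unparsable line(s)")
```

An "exposed" finding means an untrusted source reached a SIM port and the firewall rules need correcting; unparsable lines are counted rather than silently dropped so gaps in the log feed are visible.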

🔍 How to Verify

Check if Vulnerable:

Check HPE SIM version via web interface or installation directory properties

Check Version:

Check web interface or installation directory for version information

Verify Fix Applied:

Verify that the version is 7.6.1 or later and that the AMF endpoints are no longer vulnerable

📡 Detection & Monitoring

Log Indicators:

  • Unusual AMF deserialization requests
  • Suspicious process creation from HPE SIM service
  • Unexpected network connections from HPE SIM

Network Indicators:

  • Malformed AMF requests to HPE SIM ports
  • Exploit traffic patterns matching public PoCs

SIEM Query:

source="hpe_sim" AND (event="deserialization" OR event="amf_request") AND status="error"
