[Vulnerability Advisory] CVE-2020-7200 HPE SIM Remote Code Execution Vulnerability
Published 2020-12-17
0x00 Vulnerability Overview
CVE ID | CVE-2020-7200 | Date | 2020-12-17 |
Type | RCE | Severity | Critical |
Remotely exploitable | Yes | Affected scope | HPE SIM 7.6.X |
0x01 Vulnerability Details
HPE Systems Insight Manager (SIM) is a management and remote-support automation solution for multiple HPE server, storage and networking products.
On December 15, 2020, HPE published a security advisory disclosing a remote code execution vulnerability in SIM (CVE-2020-7200). The vulnerability has a CVSS score of 9.8.
The vulnerability is caused by improper validation of user-supplied data, which can lead to deserialization of untrusted data. An attacker can exploit it to execute code on the target server; no user interaction is required and the attack complexity is low.
0x02 Remediation Advice
HPE SIM supports Linux and Windows systems. At present, HPE has released only a temporary mitigation for Windows systems; HPE will provide a complete fix for the vulnerability in a future release.
Temporary mitigation (Windows systems only):
Disable the "Federated Search" and "Federated CMS Configuration" features as follows:
1. Stop the HPE SIM service.
2. Delete from the SIM installation path
3. Restart the HPE SIM service.
4. Wait until the HPE SIM web page "https://SIM_IP:50000" is accessible, then run the following command from a command prompt: mxtool -r -f tools\multi-cms-search.xml 1>nul 2>nul
0x03 References
https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04068en_us
https://www.bleepingcomputer.com/news/security/hpe-discloses-critical-zero-day-in-server-management-software/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7200
0x04 Timeline
2020-12-15 HPE published the security advisory
2020-12-16 HPE updated the security advisory
2020-12-17 VSRC published this security advisory
0x05 Appendix
CVSS scoring standard official website: http://www.first.org/cvss/