¡¾Îó²îͨ¸æ¡¿CVE-2020-7200 HPE SIMÔ¶³Ì´úÂëÖ´ÐÐÎó²î

Ðû²¼Ê±¼ä 2020-12-17

0x00 Îó²î¸ÅÊö

CVE  ID

CVE-2020-7200

ʱ   ¼ä

2020-12-17

Àà   ÐÍ

RCE

µÈ   ¼¶

ÑÏÖØ

Ô¶³ÌʹÓÃ

ÊÇ

Ó°Ïì¹æÄ£

HPE SIM 7.6.X

 

0x01 Îó²îÏêÇé


 

image.png

HPE Systems Insight Manager£¨SIM£©ÊÇÓÃÓÚ¶à¸öHPEЧÀÍÆ÷¡¢´æ´¢ºÍÍøÂç²úÆ·µÄÖÎÀíºÍÔ¶³ÌÖ§³Ö×Ô¶¯»¯½â¾ö¼Æ»®¡£¡£¡£¡£

2020Äê12ÔÂ15ÈÕ£¬£¬£¬£¬£¬£¬£¬HPEÐû²¼Ç徲ͨ¸æ£¬£¬£¬£¬£¬£¬£¬Ðû²¼ÁËSIMÖеÄÒ»¸öÔ¶³Ì´úÂëÖ´ÐÐÎó²î£¨CVE-2020-7200£©£¬£¬£¬£¬£¬£¬£¬¸ÃÎó²îµÄCVSSÆÀ·ÖΪ9.8¡£¡£¡£¡£

¸ÃÎó²îÊÇδ¶ÔÓû§Ìá½»µÄÊý¾Ý¾ÙÐÐ׼ȷÑéÖ¤Ôì³ÉµÄ£¬£¬£¬£¬£¬£¬£¬Õâ¿ÉÄܵ¼Ö²»¿ÉÐÅÊý¾ÝµÄ·´ÐòÁл¯£¬£¬£¬£¬£¬£¬£¬¹¥»÷Õß¿ÉÒÔʹÓôËÎó²îÔÚÄ¿µÄЧÀÍÆ÷ÉÏÖ´ÐдúÂ룬£¬£¬£¬£¬£¬£¬ÎÞÐèÓû§½»»¥ÇÒʹÓÃÖØÆ¯ºóµÍ¡£¡£¡£¡£

0x02 ´¦Öóͷ£½¨Òé

HPE SIMÖ§³ÖLinuxºÍWindowsϵͳ¡£¡£¡£¡£ÏÖÔÚ£¬£¬£¬£¬£¬£¬£¬HPE½öÐû²¼ÁËÕë¶ÔWindowsϵͳµÄÔÝʱ²½·¥£¬£¬£¬£¬£¬£¬£¬HPE½«ÔÚδÀ´µÄ°æ±¾ÖÐÌṩ¸ÃÎó²îµÄÍêÕûÐÞ¸´³ÌÐò¡£¡£¡£¡£

ÔÝʱ²½·¥£¨½öÊÊÓÃÓÚwindowsϵͳ£©£º

½ûÓá°ÁªºÏËÑË÷¡±ºÍ¡°ÁªºÏCMSÉèÖá±¹¦Ð§£¬£¬£¬£¬£¬£¬£¬°ì·¨ÈçÏ£º

1.×èÖ¹HPE SIMЧÀÍ¡£¡£¡£¡£

2.´ÓSIMµÄ×°Ö÷¾¶ÖÐɾ³ýÎļþ¡£¡£¡£¡£

3.ÖØÆôHPE SIMЧÀÍ¡£¡£¡£¡£

4. ÆÚ´ýHPE SIMÍøÒ³¡° https£º// SIM_IP£º50000¡±¿É»á¼ûºó£¬£¬£¬£¬£¬£¬£¬ÔÚÏÂÁîÌáÐÑ·ûÖÐÖ´ÐиÃÏÂÁmxtool -r -f tools\multi-cms-search.xml 1>nul 2>nul¡£¡£¡£¡£

 

0x03 ²Î¿¼Á´½Ó

https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04068en_us

https://www.bleepingcomputer.com/news/security/hpe-discloses-critical-zero-day-in-server-management-software/

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7200

 

0x04 ʱ¼äÏß

2020-12-15  HPEÐû²¼Ç徲ͨ¸æ

2020-12-16  HPE¸üÐÂÇ徲ͨ¸æ

2020-12-17  VSRCÐû²¼Ç徲ͨ¸æ

 

0x05 ¸½Â¼

 

CVSSÆÀ·Ö±ê×¼¹ÙÍø£ºhttp://www.first.org/cvss/

image.png