Wednesday, 09 July 2025

HPE fixes critical zero-day vulnerability disclosed in December

Hewlett Packard Enterprise (HPE) has released a security update to address a zero-day remote code execution vulnerability in the HPE Systems Insight Manager (SIM) software that was disclosed in December of last year.

HPE SIM is a remote support automation and management solution for HPE servers, storage, and networking products, including HPE's ProLiant Gen10 and ProLiant Gen9 servers.

The RCE vulnerability, tracked as CVE-2020-7200, was found in the latest versions (7.6.x) of HPE's proprietary Systems Insight Manager (SIM) software, and it affects only the Windows version.

HPE rated the bug as a critical-severity (9.8/10) security flaw. CVE-2020-7200 stems from a lack of proper validation of user-supplied data, which makes it possible for attackers to execute code on servers.

HPE also provides mitigation info for those who cannot immediately deploy the CVE-2020-7200 security update on vulnerable systems.

Source: bleepingcomputer.com

28 May 2021
