HPE has patched a critical zero-day remote code execution (RCE) vulnerability in its HPE Systems Insight Manager (SIM) software for Windows, which was first revealed in December.
This is a high-risk vulnerability that could allow attackers with no privileges to execute code remotely. It is tracked as CVE-2020-7200 and is rated 9.8 out of 10. It affects only the Windows version and is present in the latest versions (7.6.x) of HPE’s SIM software.
This flaw enables low-complexity attacks without the need for user interaction. It lets attackers execute malware within the context of HPE SIM’s hpsimsvc.exe process, which runs with administrative capabilities, according to Packet Storm.