CVE-2020-7200
published 2020-12-18

Priority: P184
Severity: critical, 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploit: yes
EPSS: 81.89% (99.6th percentile)
A potential security vulnerability has been identified in HPE Systems Insight Manager (SIM) version 7.6. The vulnerability could be exploited to allow remote code execution.

Affected (1 range)

Vendor | Product                 | Version range | Fixed in
hp     | systems_insight_manager |               |

Detection & IOCs (extracted from sources)

path: /simsearch/messagebroker/amfsecure
process: hpsimsvc.exe
  • Monitor for unauthenticated HTTP POST requests to /simsearch/messagebroker/amfsecure on HPE SIM 7.6.x hosts; this endpoint is the attack vector for the insecure AMF deserialization RCE.
  • Alert on unexpected child processes or network connections spawned by hpsimsvc.exe, as successful exploitation results in code execution under that administrative process.
  • Check Point IPS blade signature 'HPE Insight Manager Insecure Deserialization (CVE-2020-7200)' can be used for network-level detection.
  • The exploit leverages the bundled Commons Collections 3.2.2 library shipped with HPE SIM for gadget-chain deserialization; detect deserialization payloads characteristic of Commons Collections gadget chains in AMF traffic.
  • Vulnerability is exploitable with no privileges required and low attack complexity, meaning no authentication bypass is needed; any network-reachable attacker can trigger it.
  • Only HPE SIM version 7.6.x on Windows is affected; other versions or platforms are not confirmed vulnerable.

CVSS provenance

NVD, CVSS v3.1: 9.8 CRITICAL, vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
NVD, CVSS v2.0: 7.5 HIGH, vector AV:N/AC:L/Au:N/C:P/I:P/A:P