CVE-2020-7200

CRITICAL

HP Systems Insight Manager - Remote Code Execution

Title source: rule

Description

A potential security vulnerability has been identified in HPE Systems Insight Manager (SIM) version 7.6. The vulnerability could be exploited to allow remote code execution.

Exploits (2)

nomisec WORKING POC 6 stars

by alexfrancow · poc

https://github.com/alexfrancow/CVE-2020-7200

View Code ZIP pw:eip

metasploit WORKING POC EXCELLENT

by Harrison Neal, Jang, Grant Willcox · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/hpe_sim_76_amf_deserialization.rb

View Code ZIP pw:eip

References (2)

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/161721/HPE-Systems-Insight-Manager-AMF-Deserialization-Remote-Code-Execution.html

[Vendor Advisory] https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn04068en_us

Scores

CVSS v3 9.8

EPSS 0.8554

EPSS Percentile 99.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

Status published

Products (1)

hp/systems_insight_manager 7.6

Published Dec 18, 2020

Tracked Since Feb 18, 2026