HPE Fixes Critical Zero-Day in Server Management Software

From threatpost.com

The bug in HPE SIM makes it easy as pie for attackers to remotely execute code, with no user interaction necessary.

Hewlett Packard Enterprise (HPE) has fixed a critical zero-day remote code execution (RCE) flaw in its HPE Systems Insight Manager (SIM) software for Windows that it originally disclosed in December.

HPE SIM is a tool that enables remote support automation and management for a variety of HPE servers, including the HPE ProLiant Gen10 and HPE ProLiant Gen9, as well as for storage and networking products.

The company updated its initial security advisory on Thursday. More than a month ago, on April 20, HPE had issued an earlier SIM hotfix update kit that resolves the vulnerability.
