Critical Bug Gives Attackers Control of Vulnerable SAP Business Applications
20 July 2020
SAP has issued patches to fix a critical RECON (Remotely Exploitable Code On Netweaver) vulnerability that can lead to total compromise of vulnerable SAP installations. It has been assigned the highest risk score of 10 on the Common Vulnerability Scoring System (CVSS), the most severe rating possible.
If exploited, CVE-2020-6287 would give a malicious actor full access to the affected system, including the ability to create a new SAP user with maximum privileges, alter financial records, corrupt data, delete or change logs and traces, harvest personally identifiable information, and take other actions that could put organisations at severe risk.
The vulnerability, which can be exploited via HTTP over an internet-facing interface, affects a default component present in every SAP application running on top of SAP NetWeaver AS Java 7.3 and upwards. This includes SAP SCM, SAP Solution Manager, SAP PI and SAP Enterprise Portal. The flaw potentially impacts over 40,000 SAP customers, with at least 2,500 vulnerable systems currently exposed to the internet.
Organisations must apply the relevant patches immediately, prioritising internet-facing systems, and then internal systems. Those unable to patch straight away should mitigate the vulnerability by disabling the LM Configuration Wizard service. In addition, continue monitoring your SAP NetWeaver AS for anomalous activity over the coming days.
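The monitoring step above can be made concrete by checking HTTP access logs for requests that reach the LM Configuration Wizard, especially from outside the corporate network, and for successful responses after the service was supposedly disabled. The following is an added example, not SAP's own tooling or code from this advisory; the log format and the wizard path prefix (/CTCWebService/) are assumptions to be confirmed against your own NetWeaver logs and vendor guidance.

```python
import re
import ipaddress

# Path prefix served by the LM Configuration Wizard on NetWeaver AS Java.
# Assumed from public advisories; confirm against SAP's own documentation.
WIZARD_PATH_PREFIX = "/CTCWebService/"

# Constructed sample access log lines in a common-log style (not real traffic).
SAMPLE_LOG = """\
10.1.2.3 - - [20/Jul/2020:09:15:02 +0000] "GET /irj/portal HTTP/1.1" 200 5120
203.0.113.45 - - [20/Jul/2020:09:16:11 +0000] "POST /CTCWebService/CTCWebServiceBean HTTP/1.1" 200 812
10.1.2.9 - - [20/Jul/2020:09:17:30 +0000] "GET /CTCWebService/CTCWebServiceBean HTTP/1.1" 200 640
198.51.100.7 - - [20/Jul/2020:09:18:05 +0000] "GET /nwa HTTP/1.1" 302 0
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \d+'
)

# Assumed internal address ranges; adjust to your environment.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_internal(ip: str) -> bool:
    """True if the source address falls inside one of the internal ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def find_wizard_requests(log_text: str) -> list:
    """Return one record per request that touches the LM Configuration Wizard path.

    Each record carries the source IP, timestamp, method, status code and whether
    the request came from outside the internal ranges. A 200 response seen after
    the wizard service was disabled indicates the mitigation did not take effect.
    """
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or not m.group("path").startswith(WIZARD_PATH_PREFIX):
            continue
        findings.append({
            "ip": m.group("ip"),
            "ts": m.group("ts"),
            "method": m.group("method"),
            "status": int(m.group("status")),
            "external": not is_internal(m.group("ip")),
            "served": m.group("status") == "200",
        })
    return findings


if __name__ == "__main__":
    for hit in find_wizard_requests(SAMPLE_LOG):
        print(hit)
```

Run it against the real access log of an internet-facing NetWeaver AS Java host; external hits with a 200 status are the ones to triage first.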
An INTERPOL assessment of the impact of COVID-19 on cybercrime shows a significant spike across the globe during the pandemic including a shift in target from individuals and small businesses to major corporations, governments and critical infrastructure, which play a crucial role in responding to the outbreak.
Microsoft has disclosed a critical vulnerability that has been present for nearly two decades in the Windows DNS Server. The vulnerability, which allows remote code execution, affects Windows Server versions 2003 to 2019 and can be triggered by a malicious DNS response. If exploited, an attacker could gain Domain Administrator rights and compromise the entire corporate infrastructure.