Warning: Publicly Available Exploit for SAP Solution Manager Vulnerability Discovered

Cybersecurity experts have issued a warning regarding a fully-functional exploit now circulating online, which targets SAP enterprise software. This exploit takes advantage of a vulnerability, identified as CVE-2020-6207, resulting from a lack of authentication checks in SAP Solution Manager (SolMan) version 7.2. SAP SolMan is a comprehensive application management solution that facilitates end-to-end application lifecycle management across distributed environments, serving as a central hub for managing SAP systems, including ERP, CRM, HCM, SCM, BI, and more. Researchers at Onapsis stated that successful exploitation could enable a remote, unauthenticated attacker to perform highly privileged administrative tasks within connected SAP SMD Agents, utilized for analyzing and monitoring SAP systems. This vulnerability has a critical CVSS base score of 10.0 and was addressed by SAP in a recent update.

Warning Issued for Fully-Functional Exploit Targeting SAP Solution Manager Vulnerability

January 23, 2021

Cybersecurity experts have issued a cautionary alert regarding a newly released, publicly accessible exploit that poses significant risks to SAP enterprise software. This exploit takes advantage of a vulnerability, identified as CVE-2020-6207, which arises from a lack of proper authentication checks in the SAP Solution Manager (SolMan) version 7.2.

SAP Solution Manager serves as a comprehensive application management and administration tool designed to support end-to-end application lifecycle management across diverse environments. It acts as a central hub for deploying and managing various SAP systems, including ERP, CRM, HCM, SCM, and BI solutions. The ramifications of this vulnerability are particularly severe, as a successful attack could empower a remote, unauthorized individual to execute high-level administrative functions within associated SAP SMD agents, the diagnostic toolkit utilized for monitoring and analyzing SAP systems.

The identified vulnerability has been assigned a critical CVSS base score of 10.0, indicating its potential for exploitation. Experts from Onapsis have highlighted the urgent need for businesses relying on SAP applications to prioritize addressing this vulnerability. The presence of a functional exploit in the public domain raises alarms about the increased risk of malicious actors attempting to gain unauthorized access.

Organizations that utilize SAP Solution Manager must be especially vigilant in monitoring their systems for signs of intrusion or other suspicious activities. Implementing robust security measures and regularly updating software can help mitigate these risks. With the exploit publicly available, the threat landscape has shifted, making it imperative for businesses to reassess their cybersecurity protocols.

In understanding the potential tactics utilized in this exploit, it is relevant to refer to the MITRE ATT&CK framework. Techniques such as initial access through exploitation of the vulnerability, persistence via maintaining access after the initial compromise, and privilege escalation to gain higher permissions within the system could be critical components of a targeted attack.

As the cybersecurity field continues to evolve, the release of such a significant exploit illustrates the challenges businesses face in safeguarding their systems against emerging threats. Security professionals and business owners are urged to remain informed and proactive in their defenses to protect sensitive data and maintain the integrity of their SAP environments.

Source link

Related Posts

Top 5 Bug Bounty Platforms to Watch in 2021

February 8, 2021

While Gartner has yet to establish a dedicated Magic Quadrant for Bug Bounty or Crowd Security Testing, its Peer Insights platform currently lists 24 vendors in the “Application Crowdtesting Services” category. We’ve identified the top 5 most promising bug bounty platforms for those looking to enhance their software testing strategies with insights and expertise from global security researchers:

  1. HackerOne
    As a leading name in the bug bounty space, backed by notable venture capitalists, HackerOne is widely recognized worldwide. According to their latest annual report, over 1,700 companies rely on HackerOne to strengthen their in-house application security testing. The report highlights that their security researchers earned around $40 million in bounties in 2019 alone, contributing to a cumulative total of $82 million. HackerOne is also known for coordinating bug bounty programs for the US government, among others.

Microsoft Releases Patches for Active 0-Day Vulnerability and 55 Other Windows Flaws

On February 10, 2021, Microsoft addressed a total of 56 vulnerabilities, including a critical 0-day exploit that is currently being targeted in the wild. Among these, 11 vulnerabilities are classified as Critical, 43 as Important, and 2 as Moderate in severity, with six being previously disclosed. The updates enhance security across various platforms, including .NET Framework, Azure IoT, Microsoft Dynamics, Microsoft Edge for Android, Microsoft Exchange Server, Microsoft Office, Windows Codecs Library, Skype for Business, Visual Studio, Windows Defender, and key system components such as Kernel, TCP/IP, Print Spooler, and Remote Procedure Call (RPC).

The most critical vulnerability addressed is a Windows Win32k privilege escalation issue (CVE-2021-1732, CVSS score 7.8), which could allow attackers with access to a system to execute malicious code with elevated privileges. Microsoft acknowledges the contributions of JinQuan, MaDongZe, TuXiaoYi, and LiHao from DBAPPSecurity in identifying this vulnerability.

Iranian Hackers Deploy ScreenConnect for Espionage Against UAE and Kuwait Government Agencies

February 11, 2021

Recent research reveals that UAE and Kuwait government agencies have fallen victim to a new cyberespionage initiative, likely orchestrated by Iranian threat actors. Attributed to the group known as Static Kitten (also referred to as MERCURY or MuddyWater), Anomali reports that the aim of this operation is to install a remote management tool named ScreenConnect, which was acquired by ConnectWise in 2015, using unique launch parameters and custom properties. Malware samples and URLs have been disguised as communications from the Kuwaiti Ministry of Foreign Affairs and the UAE National Council. Since its emergence in 2017, MuddyWater has been linked to several attacks targeting Middle Eastern nations, actively exploiting the Zerologon vulnerability to launch real-world attacks against significant Israeli organizations. This state-sponsored hacking group is believed to operate under the direction of Iran’s Islamic Revolutionary Guard Corps.

Malvertising Group Harnesses WebKit 0-Day to Redirect Users to Scam Sites

February 17, 2021

A malvertising collective known as “ScamClub” has exploited a zero-day vulnerability in WebKit-based browsers to inject malicious payloads that redirect users to fraudulent gift card scam websites. The attacks, first identified by the advertising security firm Confiant in late June 2020, took advantage of a bug (CVE-2021–1801) that allowed malicious actors to circumvent the iframe sandboxing policy in the browser engine used by Safari and Google Chrome on iOS, enabling them to execute harmful code. This technique specifically targeted the way WebKit manages JavaScript event listeners, allowing attackers to escape the sandbox of an ad’s inline frame even with the “allow-top-navigation-by-user-activation” attribute in place, which typically prevents redirection unless an event occurs within the iframe. To validate this approach, researchers created a simple HTML file featuring a cross-origin sandboxed iframe, along with an external button…