Security News > 2020 > July > Internet Scanned for SAP Systems Affected by RECON Vulnerability
Someone has been scanning the internet in search of SAP systems affected by the recently disclosed vulnerability dubbed RECON. The scanning activity started just as a researcher released a proof-of-concept exploit.
Onapsis, a company specializing in the protection of business-critical applications, revealed on Tuesday that many SAP products that use the NetWeaver AS Java technology stack could be exposed to remote attacks due to a critical vulnerability tracked as CVE-2020-6287 and dubbed RECON. A remote and unauthenticated attacker who has access to the targeted system can exploit CVE-2020-6287 to create a new SAP admin user, allowing them to gain full control of the system.
SAP has released patches for the flaw, but Onapsis warned that 40,000 SAP customers could be impacted and the cybersecurity company estimated that there were at least 2,500 vulnerable systems that could be targeted directly from the internet.
Shortly after SAP released patches, a researcher made available a PoC exploit for the RECON flaw and CVE-2020-6286, a related issue impacting NetWeaver AS Java.
The U.S. Cybersecurity and Infrastructure Security Agency has advised organizations to first patch internet-facing systems and then internal systems.
News URL
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-07-14 | CVE-2020-6286 | Path Traversal vulnerability in SAP Netweaver Application Server Java The insufficient input path validation of certain parameter in the web service of SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to exploit a method to download zip files to a specific directory, leading to Path Traversal. | 5.3 |
2020-07-14 | CVE-2020-6287 | Missing Authentication for Critical Function vulnerability in SAP Netweaver Application Server Java SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31, 7.40, 7.50, does not perform an authentication check which allows an attacker without prior authentication to execute configuration tasks to perform critical actions against the SAP Java system, including the ability to create an administrative user, and therefore compromising Confidentiality, Integrity and Availability of the system, leading to Missing Authentication Check. | 10.0 |