Security News > 2020 > July > Internet Scanned for SAP Systems Affected by RECON Vulnerability

Internet Scanned for SAP Systems Affected by RECON Vulnerability
2020-07-17 11:50

Someone has been scanning the internet in search of SAP systems affected by the recently disclosed vulnerability dubbed RECON. The scanning activity started just as a researcher released a proof-of-concept exploit.

Onapsis, a company specializing in the protection of business-critical applications, revealed on Tuesday that many SAP products that use the NetWeaver AS Java technology stack could be exposed to remote attacks due to a critical vulnerability tracked as CVE-2020-6287 and dubbed RECON. A remote and unauthenticated attacker who has access to the targeted system can exploit CVE-2020-6287 to create a new SAP admin user, allowing them to gain full control of the system.

SAP has released patches for the flaw, but Onapsis warned that 40,000 SAP customers could be impacted and the cybersecurity company estimated that there were at least 2,500 vulnerable systems that could be targeted directly from the internet.

Shortly after SAP released patches, a researcher made available a PoC exploit for the RECON flaw and CVE-2020-6286, a related issue impacting NetWeaver AS Java.

The U.S. Cybersecurity and Infrastructure Security Agency has advised organizations to first patch internet-facing systems and then internal systems.


News URL

http://feedproxy.google.com/~r/Securityweek/~3/PtF5buwhsJA/internet-scanned-sap-systems-affected-recon-vulnerability

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2020-07-14 CVE-2020-6286 Path Traversal vulnerability in SAP Netweaver Application Server Java
The insufficient input path validation of certain parameter in the web service of SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to exploit a method to download zip files to a specific directory, leading to Path Traversal.
network
low complexity
sap CWE-22
5.3
2020-07-14 CVE-2020-6287 Missing Authentication for Critical Function vulnerability in SAP Netweaver Application Server Java
SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31, 7.40, 7.50, does not perform an authentication check which allows an attacker without prior authentication to execute configuration tasks to perform critical actions against the SAP Java system, including the ability to create an administrative user, and therefore compromising Confidentiality, Integrity and Availability of the system, leading to Missing Authentication Check.
network
low complexity
sap CWE-306
critical
10.0

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
SAP 328 25 679 386 113 1203