Critical SAP Recon flaw exposes thousands of customers to attacks
SAP patched a critical vulnerability affecting over 40,000 customers and found in the SAP NetWeaver AS JAVA (LM Configuration Wizard) versions 7.30 to 7.50, a core component of several solutions and products deployed in most SAP environments.
The RECON (short for Remotely Exploitable Code On NetWeaver) vulnerability carries the maximum CVSS score of 10 out of 10 and can be exploited remotely by unauthenticated attackers to fully compromise unpatched SAP systems, according to Onapsis, the company that found RECON and responsibly disclosed it to the SAP Security Response Team.
RECON stems from a lack of authentication in an SAP NetWeaver AS for Java web component, which allows several high-privileged activities to be performed on the affected SAP system without credentials.
“If exploited, an unauthenticated attacker (no username or password required) can create a new SAP user with maximum privileges, bypassing all access and authorization controls (such as segregation of duties, identity management, and GRC solutions) and gaining full control of SAP systems,” Onapsis explained.
“The RECON vulnerability is particularly dangerous because many of the affected solutions are often exposed to the internet to connect companies with business partners, employees, and customers, which drastically increases the likelihood of remote attacks.”
In addition to Onapsis’ report, the United States Cybersecurity and Infrastructure Security Agency (CISA) has also issued an advisory today; the vulnerability is tracked as CVE-2020-6287.
“Based on how widespread this vulnerability is across SAP products, most SAP customers will likely be impacted,” Onapsis says in their RECON threat report. “It is fundamental for SAP customers to apply the patch and follow the provided recommendations to stay protected.”
References:
https://www.onapsis.com/recon-sap-cyber-security-vulnerability
https://us-cert.cisa.gov/ncas/alerts/aa20-195a