Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Critical SAP Recon vulnerability exposes thousands of system to full take over

IT giant SAP addressed a critical flaw, tracked as  CVE-2020-6287 and dubbed RECON, that could allow attackers to take over corporate servers. SAP has released security patches to address a critical vulnerability, tracked as CVE-2020-6287 and dubbed RECON (Remotely Exploitable Code On NetWeaver), that could be exploited by attackers to take over corporate servers. The […]

SAP

IT giant SAP addressed a critical flaw, tracked as  CVE-2020-6287 and dubbed RECON, that could allow attackers to take over corporate servers.

SAP has released security patches to address a critical vulnerability, tracked as CVE-2020-6287 and dubbed RECON (Remotely Exploitable Code On NetWeaver), that could be exploited by attackers to take over corporate servers.

The vulnerability was discovered by security firm Onapsis, according to the experts, the RECON flaw allows an attacker to create an SAP user account with maximum privileges on SAP applications exposed online, this means that he will take full control over the compromised SAP systems.

The RECON issue resides in the SAP NetWeaver AS JAVA (LM Configuration Wizard) versions 7.30 to 7.50, which is a core component in most SAP environments.

The component is used in several popular SAP products, including SAP S/4HANA, SAP SCM, SAP CRM, SAP CRM, SAP Enterprise Portal, and SAP Solution Manager (SolMan).

RECON is caused by the lack of authentication in an SAP NetWeaver AS for Java web component.

“If exploited, an unauthenticated attacker (no username or password required) can create a new SAP user with maximum privileges, bypassing all access and authorization controls (such as segregation of duties, identity management, and GRC solutions) and gaining full control of SAP systems,” reads the analysis published by Onapsis.

Onapsis experts scanned the Internet for SAP systems and found 2,500 installs exposed online that are affected by the RECON vulnerability. Most of them are in North America (33%), followed by Europe (29%) and Asia-Pacific (27%).

The RECON flaw is easy to exploit, for this reason, it has received a 10 score on the CVSSv3 vulnerability severity scale.

SAP admins urge to apply SAP’s patches as soon as possible, to avoid that hackers take full control of their SAP applications and then steal sensitive data.

The DHS CISA also published a security alert urging organizations using SAP solutions to apply the security patches as soon as possible. Organizations that are unable to immediately deploy the patch should mitigate the issue by disabling the LM Configuration Wizard service.

“On July 13, 2020 EST, SAP released a security update to address a critical vulnerability, CVE-2020-6287, affecting the SAP NetWeaver Application Server (AS) Java component LM Configuration Wizard. An unauthenticated attacker can exploit this vulnerability through the Hypertext Transfer Protocol (HTTP) to take control of trusted SAP applications.” states the CISA’s alert.

“Due to the criticality of this vulnerability, the attack surface this vulnerability represents, and the importance of SAP’s business applications, the Cybersecurity and Infrastructure Security Agency (CISA) strongly recommends organizations immediately apply patches. CISA recommends organizations prioritize patching internet-facing systems, and then internal systems.”

CISA confirmed that it is not aware of any active exploitation of the RECON issue at the time of the report. However, because patches have been publicly released, experts believe that threat actors could make a reverse-engineering of the patches to create exploits that target unpatched systems.

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – RECON, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]