Rewterz Threat Alert – Malicious Covid-19 URLs
April 7, 2021
Rewterz Threat Advisory – CVE-2021-28189 – ASUS BMC firmware denial of service
April 7, 2021
Severity
High
Analysis Summary
Cyber attackers are actively setting their sights on unsecured SAP applications in an attempt to steal information and sabotage critical processes. SAP said, “Observed exploitation could lead in many cases to full control of the unsecured SAP application, bypassing common security and compliance controls, and enabling attackers to steal sensitive information, perform financial fraud or disrupt mission-critical business processes by deploying ransomware or stopping operations.”
The six flaws exploited by threat actors include:
- CVE-2010-5326 (CVSS score: 10) – Remote code execution flaw in SAP NetWeaver Application Server (AS) Java
- CVE-2016-3976 (CVSS score: 7.5) – Directory traversal vulnerability in SAP NetWeaver AS Java
- CVE-2016-9563 (CVSS score: 6.4) – XML External Entity (XXE) expansion vulnerability in BC-BMT-BPM-DSK component of SAP NetWeaver AS Java
- CVE-2018-2380 (CVSS score: 6.6) – Directory traversal vulnerability in Internet Sales component in SAP CRM
- CVE-2020-6207 (CVSS score: 9.8) – Missing authentication check in SAP Solution Manager
- CVE-2020-6287 (CVSS score: 10) – RECON (aka Remotely Exploitable Code On NetWeaver) flaw in LM Configuration Wizard component
SAP said “they detected over 300 successful exploitations out of a total of 1,500 attempts targeting previously known vulnerabilities and insecure configurations specific to SAP systems with multiple brute-force attempts made by adversaries aimed at high-privilege SAP accounts as well as chaining together several flaws to strike SAP applications.”
Impact
- Information theft
- Exposure of sensitive data
- Full control of the system
Affected Vendors
SAP
Affected Products
- Enterprise resource planning (ERP)
- Supply chain management (SCM)
- Human capital management (HCM)
- Product lifecycle management (PLM)
- Customer relationship management (CRM)
Remediation
- SAP recommends that users patch as soon as possible.
- Perform a compromise assessment of applications.
- Address misconfigurations to prevent unauthorized access.