An Exploit For Obtaining Superuser Rights in SAP Has Been Published in the Public Domain

The exploit is fully functional and targets a vulnerability in SAP SolMan (CVE-2020-6207).

Specialists at Onapsis Research Labs discovered an exploit for SAP products on GitHub, published by Russian researcher Dmitry Chastukhin on January 14, 2021. According to the experts, the exploit applies to SAP SolMan, a platform for lifecycle management of all SAP solutions in a distributed environment.

The exploit is fully functional and targets CVE-2020-6207, a missing authentication check: SAP Solution Manager (User Experience Monitoring) 7.2 does not perform any authentication for a service. By exploiting the vulnerability, an attacker can completely compromise all SMDAgents connected to SAP Solution Manager. A successful attack can affect an organization's cybersecurity and regulatory compliance, exposing critical data, SAP applications, and business processes.

“Although exploits are published online regularly, SAP vulnerabilities were different. For them, the number of publicly available exploits was limited. The release of a publicly available exploit significantly increases the likelihood of attacks, since in this case the pool of potential attackers is not limited to SAP experts and specialists, but also expands to script kiddies and less experienced attackers who can now use publicly available tools instead of creating their own,” Onapsis Research Labs explained.

Because the SolMan platform is designed to centrally manage all SAP and other systems, it establishes trusted connections to multiple systems. An attacker who gains access to it can potentially compromise any business system connected to SolMan.

“Unfortunately, because it does not contain any business information, the SAP SolMan platform is often overlooked from a security perspective; some companies do not have the same patching policy as other systems,” the researchers noted.

By gaining control of SAP SolMan, an attacker can shut down systems, gain access to sensitive data, delete data, cause IT resource management gaps, and assign superuser privileges to any new or existing user.

“It is impossible to enumerate everything that could potentially be done in systems in the event of a breach, since having administrative privileged access to systems or running commands in the operating system essentially provides an attacker with unlimited possibilities,” experts say.
