SAP’s RECON Vulnerability on Cyber Attack
Published on : Thursday 30-07-2020
SAP, short for Systems, Applications, and Products in Data Processing, is a German multinational software corporation and a leading vendor of Enterprise Resource Planning (ERP) software. It makes enterprise software to manage business operations and customer relations. SAP’s ERP software is widely used to manage an organization’s financials, logistics, marketing, human resources and other key business areas, so these systems hold a great deal of business-critical and sensitive information.
What is SAP’s RECON Vulnerability?
In July 2020, a critical vulnerability in SAP software was disclosed to SAP customers. The US Department of Homeland Security issued an urgent alert, warning that successful exploitation of the bug opens the door for cybercriminals to read and modify financial records, change banking details, read personally identifiable information (PII), administer purchasing processes, sabotage or disrupt operations, achieve operating system command execution, and even delete or modify traces, logs and other files. It can also let cybercriminals perform maintenance activities such as shutting down federated SAP applications.
SAP NetWeaver is a technology platform that allows organizations to integrate data, business processes, elements and more from a variety of sources into unified SAP environments. It forms the technical foundation for a large number of SAP application landscapes. It is the base layer for several SAP products and solutions. The bug affects a default component present in every SAP application running the SAP NetWeaver Java technology stack.
This is a crucial technical component used in many SAP business solutions, such as SAP S/4HANA, SAP SCM, SAP CRM, SAP Enterprise Portal, SAP Solution Manager (SolMan) and many others.
According to DHS, the vulnerability is introduced due to the lack of authentication in a web component of the SAP NetWeaver AS for Java, allowing for several high-privileged activities on the SAP system. A remote, unauthenticated cybercriminal can exploit this vulnerability through an HTTP interface, which is typically exposed to end users and, in many cases, exposed to the internet.
Why is SAP’s RECON vulnerability high risk?
This vulnerability carries a severity score of 10/10 (ten out of ten) on the CVSS bug-severity scale.
The Common Vulnerability Scoring System (CVSS) is a free and open industry standard for assessing the severity of computer system security vulnerabilities. CVSS assigns severity scores to vulnerabilities, allowing responders to prioritize responses and resources according to threat. The “10” score for RECON means that this bug is easy to exploit and requires almost no technical knowledge. It also indicates that exploitation can be automated for remote attacks over the internet and does not require the cybercriminal to already have an account on an SAP application or valid credentials.
The bug is listed as CVE-2020-6287 and was named RECON by the Onapsis Research Labs researchers who found it. It has a huge impact on thousands of SAP customers. According to experts, this vulnerability relates to Remotely Exploitable Code on SAP NetWeaver Java versions 7.30 to 7.50, and all Support Packages tested to date were vulnerable. Cybercriminals are using this vulnerability to gain unrestricted access to critical business information and processes in a variety of different scenarios.
SAP’s RECON vulnerability is high risk because the affected solutions are exposed to the internet, where they are used to connect organizations with business partners, employees and customers.
According to researchers from Bad Packets, immediately after a researcher released a proof-of-concept (PoC) exploit for the RECON vulnerability, cybercriminals around the world started scanning for SAP systems affected by it.
Solution to SAP’s RECON vulnerability
Taking note of this vulnerability, SAP delivered a patch on 14th July 2020.
As per security expert advice, it is highly recommended that organizations using SAP apply the related security patch immediately.
Keep an eye on the latest cyberattack news to keep your organization safe and secure its valuable assets.
Shekhar Ashok Pawar is CEO of GrassDew IT Solutions Pvt Ltd, which primarily focuses on Cybersecurity Assessment & Audits, IT Consulting, Customised Software Development and Software Products. With more than 15 years of international experience, he holds CISA, CEH, CHFI, MCP, Blockchain Developer, Dip Cyber Laws, CMMi Level 5 ATM & ISO 27001 LA credentials. He is also a certified H/W & S/W expert for Mobile Phones, Computers and CCTV cameras. He completed Executive Management (SJMSOM, IIT-Bombay) after Engineering in Electronics & Telecommunications, Mumbai. He is also certified in "Digital Signal Processor & Applications" by Analog Devices - DSP Learning Center, IIT Madras.
He is the lead contributor to GrassDewPanther @ LinkedIn, which focuses on sharing global cyber threats and related news. Shekhar's recent book “Air Team Theory: Understanding 10 Types of Team Mates and Best Practices to Succeed” was published in January 2020 and is a hot-seller on Amazon.