SAP RECON Security Flaws Persist: Onapsis Reveals Ongoing Exploitation and Discoveries
In July 2020, the SAP RECON security vulnerability (CVE-2020-6287) was publicly disclosed following a patch release. This vulnerability, found in the common SAP Java NetWeaver layer, poses a significant risk to systems such as SAP Solution Manager, PI/PO, Enterprise Portal, and CRM.
If left unpatched, the SAP RECON vulnerability can lead to full system compromise. Attackers have been known to exploit this vulnerability, with exploits appearing within 72 hours of the patch's release. The specific companies affected by these exploits have not been disclosed in detail.
However, companies can take proactive steps to identify systems affected by the SAP RECON vulnerability. Tools like the Onapsis platform can automatically identify these systems without the need for manual testing. Onapsis also offers the RECON Scanner Tool, which can determine if a system is vulnerable to RECON without actively exploiting it.
Regular patches, proactive security measures, and constant vigilance are crucial in protecting against the exploitation of vulnerabilities like RECON. Companies must transition from a reactive to a proactive security strategy to protect their critical business systems.
This is not just a matter of staying up-to-date with the latest patches. Exploits for older vulnerabilities, like RECON, continue to be used by attackers to compromise internet-connected systems. Yvan Genuer, Senior Security Researcher, demonstrated at Black Hat Europe 2024 the continued exploitation of these vulnerabilities by various categories of attackers.
The exploitation of RECON allows an attacker to anonymously create an administrator user in a vulnerable system, giving them full control. To mitigate this risk, companies must immediately patch their SAP systems, restrict internet access where possible, continuously monitor for suspicious activities, and regularly conduct SAP-specific security assessments.
In conclusion, the SAP RECON vulnerability highlights the importance of timely patching, proactive security measures, and continuous monitoring in protecting against evolving threats in SAP environments. The continued exploitation of RECON and older vulnerabilities demonstrates that older errors still represent valuable attack vectors. Companies must be vigilant and proactive in their security strategies to protect their systems from these persistent threats.
Read also:
- Money equivalent to RM5 could potentially reveal your location?
- Investment of $20 million in strategy by the Aqua 1 Foundation of the UAE in Above Food
- Exploring Cloud Security Standards for Regulated Companies as Set Forth by SEBI: A Handbook for Compliant Businesses
- Exploring New Galaxies: AvatarUX Embarks on a Space Venture
