Just two days after SAP released patches for a critical remote code execution vulnerability in NetWeaver AS JAVA, PoC exploits were published and active scans for exploitable systems are underway.
The RECON (Remote Exploitable Code On NetWeaver) vulnerability, discovered by Onapsis, is tracked as CVE-2020-6287 and carries the maximum CVSS score of 10 out of 10.
Exploiting it could allow unauthenticated remote attackers to gain full control of vulnerable systems. Those systems could then serve as a foothold for further attacks within the corporate network.
Another vulnerability, identified as CVE-2020-6286, was also fixed on Monday; it “allows an unauthorized attacker to exploit a method to download zip files to a specific directory, leading to Path Traversal.”
Onapsis estimates that more than 40,000 SAP customers could be affected by this security flaw.
Because of the severity of this vulnerability and the operational impact of exploiting these systems, the US Cybersecurity and Infrastructure Security Agency (CISA) strongly recommends that all customers install the patches immediately.
PoCs were released and active scans were detected
A PoC exploit for both vulnerabilities was released today on GitHub, and it is strongly recommended that all affected SAP NetWeaver customers install these updates as soon as possible.
At this time it is not clear what the ZIP files involved in the path traversal flaw contain.
Bad Packets told BleepingComputer that it has detected active scans for these vulnerabilities.
Now that a PoC is available, APT groups, state-sponsored hackers and ransomware operators are expected to use these vulnerabilities to try to break into corporate networks, if they are not already doing so.
Fix it now!