Communications of the ACM
Black Hat: How Hackers Gain Root Access to SAP Enterprise Servers Through SolMan
Cybersecurity researchers at the Black Hat USA 2020 conferences found that attackers could exploit vulnerabilities in SAP Solution Manager to gain root access to enterprise servers.
Credit: Black Hat USA 2020
At the Black Hat USA 2020 conferences, cybersecurity researchers from Boston-based Onapsis detailed how attackers could exploit vulnerabilities in SAP Solution Manager (SolMan) to gain root access to enterprise servers.
SolMan, comparable to Windows Active Directory, links software agents on SAP servers via the SAP Solution Manager Diagnostic Agent (SMDAgent). Left unpatched, these vulnerabilities could have major ramifications, given that about 87% of the Global 2000 uses SAP in some fashion.
The researchers found that a remote code execution vulnerability could enable unauthenticated attackers to compromise all SMDAgents connected to SolMan.
Other vulnerabilities could allow attackers who obtained administrator privileges to abuse the operation framework to gain root-level privileges, and enable privilege escalation when attackers possess admin_group privileges.
Were these vulnerabilities chained, remote attackers could execute files, including malicious payloads, as root users.
SAP has released fixes for these vulnerabilities.
From ZDNet
View Full Article
Abstracts Copyright © 2020 SmithBucklin, Washington, DC, USA
No entries found