Sign In

Communications of the ACM

ACM TechNews

Black Hat: How Hackers Gain Root Access to SAP Enterprise Servers Through SolMan


View as: Print Mobile App Share: Send by email Share on reddit Share on StumbleUpon Share on Hacker News Share on Tweeter Share on Facebook
Logo of Black Hat USA 2020.

Cybersecurity researchers at the Black Hat USA 2020 conferences found that attackers could exploit vulnerabilities in SAP Solution Manager to gain root access to enterprise servers.

Credit: Black Hat USA 2020

At the Black Hat USA 2020 conferences, cybersecurity researchers from Boston-based Onapsis detailed how attackers could exploit vulnerabilities in SAP Solution Manager (SolMan) to gain root access to enterprise servers.

SolMan, comparable to Windows Active Directory, links software agents on SAP servers via the SAP Solution Manager Diagnostic Agent (SMDAgent). Left unpatched, these vulnerabilities could have major ramifications, given that about 87% of the Global 2000 uses SAP in some fashion.

The researchers found that a remote code execution vulnerability could enable unauthenticated attackers to compromise all SMDAgents connected to SolMan.

Other vulnerabilities could allow attackers who obtained administrator privileges to abuse the operation framework to gain root-level privileges, and enable privilege escalation when attackers possess admin_group privileges.

Were these vulnerabilities chained, remote attackers could execute files, including malicious payloads, as root users.

SAP has released fixes for these vulnerabilities.

From ZDNet
View Full Article

 

Abstracts Copyright © 2020 SmithBucklin, Washington, DC, USA


 

No entries found