Open Source Tool Checks SAP Systems for RECON Attack IOCs

Onapsis on Wednesday announced the release of an open source tool that helps organizations determine if their SAP systems are vulnerable to RECON attacks and checks if they may have already been targeted.


RECON is the name assigned to a recently disclosed vulnerability — officially tracked as CVE-2020-6287 — that researchers at Onapsis identified in a component used by many SAP products.


The critical vulnerability can be exploited by a remote, unauthenticated attacker who has access to the targeted system to create a new SAP admin user, allowing them to gain full control of the system.


SAP released patches earlier this month, but Onapsis warned at the time that over 40,000 SAP customers could be affected, and the cybersecurity company estimated that at least 2,500 systems in North America, Europe and the APAC region were exposed to attacks from the internet.


Proof-of-concept (PoC) exploit code was released by a researcher shortly after disclosure, and at around the same time threat intelligence company Bad Packets reported seeing mass scanning activity targeting the RECON vulnerability.


Onapsis announced on Wednesday that it has released INSTANT RECON, an open source vulnerability assessment and indicator of compromise (IoC) scanner for CVE-2020-6287.


This free tool is designed to conduct a blackbox scan of SAP applications to determine if they are vulnerable, and it performs a basic analysis of SAP application logs in an effort to determine if the RECON vulnerability has already been exploited against the user’s organization.


“If IoCs are identified, it is strongly recommended that you perform an in-depth ..