Regulation Implementation Acts to be Established, Outlining How This Legislation will be Enforced.
In a significant development for cybersecurity, the ongoing exploitation of a critical vulnerability in SAP systems has been reported by Onapsis Research Labs. The vulnerability, identified as CVE-2017-12637, affects the SAP NetWeaver AS Java Application Server, a platform designed for internet connectivity and the base for applications like SAP Portal.
SAP, in collaboration with Onapsis Research Labs, has been proactive in addressing this issue. They worked together between March 27, 2023, and March 19, 2024, to identify and close critical vulnerabilities in SAP NetWeaver AS Java during this period.
The exploitation of CVE-2017-12637 occurs via HTTP(s) and is performed with a GET method on the affected URL with a typical path traversal exploit. This vulnerability allows an unauthenticated attacker to perform directory traversal, potentially leading to full system compromise.
Threat actors have demonstrated a comprehensive understanding of affected SAP systems, using the vulnerability to obtain vulnerable SAP configuration files from the operating system. Moreover, after downloading the SAP Secure Store, attackers can use publicly available tools on GitHub to decrypt the password store and obtain high-privilege SAP credentials.
Attackers can exfiltrate both text and binary files, including the SAP Secure Store, to obtain high-privilege SAP login credentials. The CVSSv3 score of this vulnerability is 7.7, indicating a high severity level.
In response to the active exploitation of this vulnerability, the Cybersecurity and Infrastructure Security Agency (CISA) has updated the Catalog of Known Exploited Vulnerabilities to include CVE-2017-12637.
To protect against successful exploitation of this vulnerability, businesses are advised to review the relevant SAP notes: 2486657, 2278834, and 3476549. Additionally, the MITRE ATT&CK framework can help defenders model the behavior of CVE-2017-12637 exploitation, including techniques like Exploit Public-Facing Application, File and Directory Discovery, Gather Victim Host Information, and Credentials from Password Stores.
It is crucial for organizations to remain vigilant and implement continuous monitoring and appropriate protective measures to detect outdated components or misconfigurations in SAP systems to minimize the risk of exploitation. Onapsis Research Labs have observed active exploitation of CVE-2017-12637 in the wild, underscoring the need for immediate action.
Read also:
- Unveiling the Less-Discussed Disadvantages of Buds - Revealing the Silent Story
- "In a daring decision, Battlefield 6 forgoes ray tracing - understanding the advantages this choice brings"
- Hackers allegedly responsible for mobile banking fraud in Kenya, as per the central bank, yet confidential sources hint at potential insider involvement
- Upcoming Amazon Hardware Event 2025: Anticipated Announcements
