A dangerous bug known as RECON is being used by attackers to break into SAP systems. The vulnerability was patched by SAP in its latest security update and is tracked in the CVE-2020-6287 advisory. This new wave of intrusions is typical of the attacks often carried out against enterprise systems and networks.
RECON Vulnerability Tracked in CVE-2020-6287 Used Against SAP Systems
A dangerous security vulnerability has been detected in SAP systems and is being abused by hacking groups. However, many deployed systems are still unpatched, so attackers can continue to use this attack method.
The issue itself is tracked in the CVE-2020-6287 advisory, which gives further insight into the nature of the vulnerability. The weak spot was identified in SAP NetWeaver Application Server, in a Java component called the LM Configuration Wizard, which is the component attackers exploit. It is integrated into some of the most popular SAP products and services, including the following:
SAP S/4HANA, SAP SCM, SAP CRM, SAP Enterprise Portal, and SAP Solution Manager (SolMan)
An estimated 400,000 businesses run software that includes this component. An independent security audit found 2,500 SAP systems that are exposed to the Internet and vulnerable to the RECON bug.
This bug has also been rated with the maximum severity score, which is very rare for bugs affecting such systems. The rating reflects how easy the target systems are to exploit: attackers need no account on the system and do not depend on a brute-force attack.
Such vulnerabilities are expected to continue to be used as long as many systems remain unpatched. We urge all SAP system operators to apply the latest fix as soon as possible.