Skip links
Vahagn Vardanian

Vahagn Vardanian

Co-founder and CTO of RedRays

CVE-2020-6198 Missing Authentication check in SAP Solution Manager (Diagnostics Agent), SAP security note 2845377

Description

The Diagnostics Agent allows P4 connections from unauthenticated sources to an insecure Server port. This allows an attacker to control all remote functions on the Agent. As a result:

  • Sensitive Data stored in the configuration can be accessed by attackers,
  • Commands can be executed with the permissions of the <SID>adm user of the Agent; this includes modification of sensitive data,
  • The Agent can be shut down, disabling the monitoring and causing it to be unavailable.

Available fix and Supported packages

  • LM-SERVICE | 7.20 | 7.20
  • SOLMANDIAG 720 | SP004 | 000011
  • SOLMANDIAG 720 | SP005 | 000012
  • SOLMANDIAG 720 | SP006 | 000013
  • SOLMANDIAG 720 | SP007 | 000019
  • SOLMANDIAG 720 | SP008 | 000015
  • SOLMANDIAG 720 | SP009 | 000007
  • SOLMANDIAG 720 | SP010 | 000001

Affected component

    SV-SMG-DIA-SRV-AGT
    Agent Framework

CVSS

Score: 9.8
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

PoC

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/2845377

TAGS

#broken-authentication
#p4-server-port
#p4s
#CVE-2020-6198

More to explorer

Special offer for SAP Security Udemy course!

$ 9.99

Join “SAP Security Core Concepts and Security Administration” which is part of the Blackhat course series.