RedShield develops 'virtual shield' to protect against SAP RECON vulnerability
New Zealand-based security firm RedShield has developed a ‘virtual shield’ that addresses major vulnerabilities within SAP.
SAP recently shared details of the RECON vulnerability in its SAP Networker Application Server (AS) Java LM Configuration Wizard, which is critical to the SAP stack.
The vulnerability (CVE-2020-6287) could allow attackers to take over SAP systems by remotely accessing the server. As many as 40,000 SAP customers and 2500 systems could be affected by the vulnerability.
According to RedShield, The SAP NetWeaver Java is a base layer for many SAP products.
Attackers who exploit the vulnerability may allow an attacker to leverage the connected systems and access further business-critical data and Personally Identifiable Information (PII). Attackers could also potentially access, delete, or manipulate financial records and banking details; and they could perform other admin functions such as deleting or modifying database records, traces, logs, and other files.
RedShield chief executive officer Andy Prow says SAP customers must stay protected and alert.
“However, the reason we see so many organisations struggling to act and apply patches quickly is because of the potential business risks and what down-stream impact may be caused.”
“Because applying these patches can be difficult and take time, we’ve seen some organisations attempt to block access to the affected SAP services; however, this is a heavy-handed response, and often is untenable as a long term solution. We’ve also seen some organisations introduce pre-authentication by allowing only authenticated users to access the server; however, this assumes the malicious user has not already gained authentication and is also not a viable solution in all cases.”
He adds that vulnerability shielding involves injecting code in front of the vulnerable application to fully remediate the attack.
“The most important factor is that the shield requires zero-touch to the application, meaning vulnerabilities are removed without the risk and interruption caused by touching systems like SAP.”
He explains that by deploying a shield object to shield the RECON vulnerability without affecting SAP application code, protection can be fast and effective.
“We can provide immediate peace of mind with our shielding approach. With the shield(s) in place, the customer may still upgrade or patch the systems behind the shields, but they can do so in a planned and managed way, over time.”
RedShield says it can deploy shields for both legacy and new SAP applications - as well as APIs. Depending on the shielding architecture needed, implementation can be completed within hours, well within the Cybersecurity and Infrastructure Security Agency (CISA) recommended 24-hour timeframe.