The SAP ASE vulnerabilities
The most serious vulnerability, tracked as CVE-2020-6248, has a score of 9.1 out of 10 in the Common Vulnerability Scoring System (CVSS) and stems from a lack of security checks on configuration files during database backup operations. More specifically, the flaw allows any user with permission to run the DUMP database command to corrupt the configuration file on the Backup Server.
"On the next Backup Server restart the corruption of the configuration file will be detected by the server and it will replace the configuration with the default one," the Trustwave researchers explained. "And the default configuration allows anyone to connect to the Backup Server using the same login and an empty password!"
Attackers can then change the sybmultbuf_binary setting on the server to point to a malicious executable and trigger its execution with subsequent DUMP commands. On Windows, this operation is performed with LocalSystem privileges by default, which grants the potential hacker and their malicious code complete control over the machine.
