SAProuter Remote Authentication Bypass Vulnerability Network Vulnerability

Summary

SAProuter is prone to an authentication-bypass vulnerability.

Impact

Remote attackers can exploit this issue to bypass the authentication mechanism and gain unauthorized access.

Solution

Updates are available. Please see the references or vendor advisory for more information.

Insight

An attacker can reconfigure SAProuter remotely without authentication because authorization check is missing. It can lead to various threats, from information disclosure to full system compromise.

Affected

SAP Network Interface Router (SAProuter) 39.3 SP4

Detection

Send an information request and check the response.

References

http://erpscan.com/advisories/erpscan-13-023-saprouter-authentication-bypass/
http://www.securityfocus.com/bid/64230
https://service.sap.com/sap/support/notes/1853140

Updated on 2015-03-25

Severity

Classification

CVE CVE-2013-7093
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
Apple Safari Address Bar Spoofing Vulnerability june-10 (Win)
Adobe Reader 'file://' URL Information Disclosure Vulnerability Feb07 (Windows)
Adobe Reader 'file://' URL Information Disclosure Vulnerability Feb07 (Mac OS X)
Asterisk SIP Response Username Enumeration Remote Information Disclosure Vulnerability

Take action and discover your vulnerabilities