Summary
SAProuter is prone to an authentication-bypass vulnerability.
Impact
Remote attackers can exploit this issue to bypass the authentication mechanism and gain unauthorized access.
Solution
Updates are available. Please see the references or vendor advisory for more information.
Insight
An attacker can reconfigure SAProuter remotely without authentication because an authorization check is missing. This can lead to various threats, from information disclosure to full system compromise.
Affected
SAP Network Interface Router (SAProuter) 39.3 SP4
Detection
Send an information request and check the response.
References
Severity
Classification
CVE: CVE-2013-7093
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
- Apple Safari Address Bar Spoofing Vulnerability june-10 (Win)
- Adobe Reader 'file://' URL Information Disclosure Vulnerability Feb07 (Windows)
- Adobe Reader 'file://' URL Information Disclosure Vulnerability Feb07 (Mac OS X)
- Asterisk SIP Response Username Enumeration Remote Information Disclosure Vulnerability