Close

HAVE QUESTIONS?

A partner account manager can help. Contact us today.

[ERPSCAN-15-032] SAP PCo agent – DoS vulnerability

Application: SAP PCo
Vendor: http://www.sap.com
Bugs: DoS
Reported: 05.09.2015
Vendor response: 06.09.2015
Date of Public Advisory: 20.11.2015
Reference: SAP Security Note 2238619
Author: Mathieu GELI (ERPScan)

VULNERABILITY INFORMATION
Class: Denial of service
Impact: Disrupt operational status
Remotely Exploitable: Yes
Locally Exploitable: Yes
CVE Name: CVE-2015-8330
CVSS Information
CVSS Base Score: 7.1 / 10
CVSS Base Vector:

AV: Access Vector (Related exploit range) Network (N)
AC: Access Complexity (Required attack complexity) Medium (M)
Au: Authentication (Level of authentication needed to exploit) None (N)
C: Impact to Confidentiality None (N)
I: Impact to Integrity None (N)
A: Impact to Availability Complete (C)

Business risk
It is possible to use denial of service to terminate the process of the vulnerable component. As a result, nobody can use this service, which has a negative influence on business processes. System downtime also harms business reputation.

Description
An attacker can crash the PCo agent by forging xMII requests to the TCP port.

VULNERABLE PACKAGES
SAP PCo agent 2.2, 2.3, 15.0 and 15.1
Other versions are probably affected too, but they were not checked.

SOLUTIONS AND WORKAROUNDS
To correct this vulnerability, install SAP Security Note 2238619

TECHNICAL DESCRIPTION
When sending special forged queries to the SAP Pco Agent (available in query mode), you can crash the agent and disrupt a PCo operation.

Defense

To prevent this issue as well as a plethora of other vulnerabilities that may affect your systems, ERPScan provides the following services: