[ERPSCAN-17-010] SAP NetWeaver AS ABAP disp+work crash

Application: SAP NetWeaver ABAP
Versions Affected: SAP KERNEL 7.40 64BIT, disp+work.exe (7400.12.21.30308)
Vendor URL: SAP
Bugs: DoS
Reported: 15.12.2016
Vendor response: 16.12.2016
Date of Public Advisory: 14.03.2017
Reference: SAP Security Note 2406841
Author: Vahagn Vardanyan (ERPScan)

VULNERABILITY INFORMATION

Class: DoS
Impact: Denial of Service
Remotely Exploitable: yes
Locally Exploitable: no
CVE: CVE-2017-9843

CVSS Information

CVSS Base Score v3: 2.7 / 10
CVSS Base Vector:

AV: Attack Vector (Related exploit range) Network (N)
AC: Attack Complexity (Required attack complexity) Low (L)
PR: Privileges Required (Level of privileges needed to exploit) High (H)
UI: User Interaction (Required user participation) None (N)
S: Scope (Change in scope due to impact caused to components beyond the vulnerable component) Unchanged (U)
C: Impact to Confidentiality None (N)
I: Impact to Integrity None (N)
A: Impact to Availability Low (L)

Description

The vulnerability is presented in disp+work.exe in Javascript executing time.

Business risk

An attacker can use a Denial of Service vulnerability for terminating the process of a vulnerable component. For this time nobody can use this service that negatively influences the business processes, system downtime, and business reputation as a result.

VULNERABLE PACKAGES

SAP KERNEL 7.40 64BIT, disp+work.exe (7400.12.21.30308)

SOLUTIONS AND WORKAROUNDS

To correct this vulnerability, install SAP Security Note 2406841

TECHNICAL DESCRIPTION

Proof of Concept

Call stack