Security Advisories for SONIX and SAP

3. April 2024

The pentest professionals at usd HeroLab examined SONIX Technology Webcam and SAP Fiori Sample Shop during their pentests.

Our professionals discovered that systems with a SONIX Technology Webcam using the SonixDeviceMFT.dll driver in their default configuration are vulnerable to a DLL hijacking attack. Exploiting this vulnerability allows attackers to execute a malicious DLL and escalate their privileges.

A vulnerability has been discovered in the SAP web frontend SAP Fiori Sample Shop that allows attackers to execute functions in the backend without being authorized to do so in the frontend.

The vulnerabilities were reported to the vendors as part of the Responsible Disclosure Policy. Detailed information on the advisories can be found here:

About usd HeroLab Security Advisories

In order to protect businesses against hackers and criminals, we must ensure that our skills and knowledge are up to date at all times. Therefore, security research is just as important to our work as is building up a security community to promote an exchange of knowledge. After all, more security can only be achieved if many people take on the task.

We analyze attack scenarios, which are changing constantly, and publish a series of Security Advisories on current vulnerabilities and security issues – always in line with our Responsible Disclosure Policy.

Always in the name of our mission: “more security.”

Also interesting:

Top 3 Vulnerabilities in Mobile App Pentests

Top 3 Vulnerabilities in Mobile App Pentests

During their penetration tests (pentests), our security analysts at usd HeroLab repeatedly uncover vulnerabilities that pose significant risks to corporate security. They increasingly encounter the same vulnerabilities. Our blog series "Top 3 Vulnerabilities" presents...

Categories

Categories