{"id":48546,"date":"2024-04-03T14:49:47","date_gmt":"2024-04-03T12:49:47","guid":{"rendered":"https:\/\/www.usd.de\/?p=48546"},"modified":"2024-04-03T14:49:49","modified_gmt":"2024-04-03T12:49:49","slug":"security-advisories-for-sonix-and-sap","status":"publish","type":"post","link":"https:\/\/www.usd.de\/en\/security-advisories-for-sonix-and-sap\/","title":{"rendered":"Security Advisories for SONIX and SAP"},"content":{"rendered":"\n<p>The\u00a0<a href=\"https:\/\/herolab.usd.de\/en\/our-experts\/\" target=\"_blank\" rel=\"noreferrer noopener\">pentest professionals<\/a>\u00a0at usd HeroLab examined SONIX Technology Webcam and SAP Fiori Sample Shop during their\u00a0<a href=\"https:\/\/www.usd.de\/en\/pentest\/\" target=\"_blank\" rel=\"noreferrer noopener\">pentests<\/a>.<\/p>\n\n\n\n<p>Our professionals discovered that systems with a SONIX Technology Webcam using the SonixDeviceMFT.dll driver in their default configuration are vulnerable to a DLL hijacking attack. Exploiting this vulnerability allows attackers to execute a malicious DLL and escalate their privileges.<\/p>\n\n\n\n<p>A vulnerability has been discovered in the SAP web frontend SAP Fiori Sample Shop that allows attackers to execute functions in the backend without being authorized to do so in the frontend.<\/p>\n\n\n\n<p><\/p>\n\n\n\n<p>The vulnerabilities were reported to the vendors as part of the Responsible Disclosure Policy. Detailed information on the advisories can be found\u00a0here:<\/p>\n\n\n\n<p><\/p>\n\n\n\n<div class=\"wp-block-columns is-layout-flex wp-container-core-columns-is-layout-9d6595d7 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\">\n<div class=\"wp-block-buttons is-content-justification-center is-layout-flex wp-container-core-buttons-is-layout-16018d1d wp-block-buttons-is-layout-flex\">\n<div class=\"wp-block-button is-style-outline is-style-outline--1\"><a class=\"wp-block-button__link has-text-color has-link-color wp-element-button\" href=\"https:\/\/herolab.usd.de\/security-advisories\/usd-2023-0029\/\" style=\"color:#f07f1d\" target=\"_blank\" rel=\"noopener\"><strong>SONIX<\/strong><\/a><\/div>\n<\/div>\n<\/div>\n\n\n\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\">\n<div class=\"wp-block-buttons is-content-justification-center is-layout-flex wp-container-core-buttons-is-layout-16018d1d wp-block-buttons-is-layout-flex\">\n<div class=\"wp-block-button is-style-outline is-style-outline--2\"><a class=\"wp-block-button__link has-text-color has-link-color wp-element-button\" href=\"https:\/\/herolab.usd.de\/security-advisories\/usd-2023-0038\/\" style=\"color:#f07f1d\" target=\"_blank\" rel=\"noopener\">  <strong> SAP<\/strong>   <\/a><\/div>\n<\/div>\n<\/div>\n<\/div>\n\n\n\n<p><\/p>\n\n\n\n<p><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">About usd HeroLab Security Advisories<\/h2>\n\n\n\n<p>In order to protect businesses against hackers and criminals, we must ensure that our skills and knowledge are up to date at all times. Therefore, security research is just as important to our work as is building up a security community to promote an exchange of knowledge. After all, more security can only be achieved if many people take on the task.<\/p>\n\n\n\n<p>We analyze attack scenarios, which are changing constantly, and publish a series of Security Advisories on current vulnerabilities and security issues \u2013 always in line with our&nbsp;<a href=\"https:\/\/herolab.usd.de\/en\/responsible-disclosure\/\" target=\"_blank\" rel=\"noreferrer noopener\">Responsible Disclosure Policy<\/a>.<\/p>\n\n\n\n<p>Always in the name of our mission: \u201cmore security.\u201d<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The\u00a0pentest professionals\u00a0at usd HeroLab examined SONIX Technology Webcam and SAP Fiori Sample Shop during their\u00a0pentests. Our professionals discovered that systems with a SONIX Technology Webcam using the SonixDeviceMFT.dll driver in their default configuration are vulnerable to a DLL hijacking attack. Exploiting this vulnerability allows attackers to execute a malicious DLL and escalate their privileges. A [&hellip;]<\/p>\n","protected":false},"author":91,"featured_media":46998,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"off","_et_pb_old_content":"","_et_gb_content_width":"","inline_featured_image":false,"footnotes":""},"categories":[373,1674],"tags":[378,8540,380,8541,381,8542],"class_list":["post-48546","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-en","category-security-advisories-en","tag-pentest-en","tag-sap-en","tag-security-advisories-en","tag-security-advisory-en","tag-security-research-en","tag-sonix-en"],"_links":{"self":[{"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/posts\/48546","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/users\/91"}],"replies":[{"embeddable":true,"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/comments?post=48546"}],"version-history":[{"count":5,"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/posts\/48546\/revisions"}],"predecessor-version":[{"id":48557,"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/posts\/48546\/revisions\/48557"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/media\/46998"}],"wp:attachment":[{"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/media?parent=48546"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/categories?post=48546"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/tags?post=48546"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}