Strix
26.1K

CVE-2021-27597

HIGHCVSS 7.5/10EPSS 1.51%

Last modified

CVE-2021-27597 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. SAP NetWeaver AS for ABAP (RFC Gateway), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method memmove() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified.. EPSS estimates a 1.51% chance of exploitation in the next 30 days.

Description

SAP NetWeaver AS for ABAP (RFC Gateway), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method memmove() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified.

Metrics

CVSS 3.1
7.5/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Probability
1.51%

71.2th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
SapNetweaver Abapkernel_7.22
SapNetweaver Abapkernel_7.49
SapNetweaver Abapkernel_7.53
SapNetweaver Abapkernel_7.73
SapNetweaver Abapkernel_8.04
SapNetweaver Abapkrnl32nuc_7.22
SapNetweaver Abapkrnl32nuc_7.22ext
SapNetweaver Abapkrnl64nuc_7.22
SapNetweaver Abapkrnl64nuc_7.22ext
SapNetweaver Abapkrnl64nuc_7.49
SapNetweaver Abapkrnl64uc_7.22
SapNetweaver Abapkrnl64uc_7.22ext
SapNetweaver Abapkrnl64uc_7.49
SapNetweaver Abapkrnl64uc_7.53
SapNetweaver Abapkrnl64uc_7.73
SapNetweaver Abapkrnl64uc_8.04

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2021-27597?
SAP NetWeaver AS for ABAP (RFC Gateway), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method memmove() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified.
How severe is CVE-2021-27597?
CVE-2021-27597 has a CVSS score of 7.5/10 (HIGH severity). The EPSS model estimates a 1.51% probability of exploitation in the next 30 days.
How do I fix CVE-2021-27597?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2021-27597?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST