Login Sign Up

CVE-2023-24523

8.8 HIGH
Remote Code Execution

📋 TL;DR

This vulnerability allows authenticated non-admin users with local access to SAP Host Agent ports to execute arbitrary operating system commands with administrator privileges. Attackers can read/modify any data or make systems unavailable. Affects SAP Host Agent versions 7.21 and 7.22.

💻 Affected Systems

Products:
  • SAP Host Agent (Start Service)
Versions: 7.21, 7.22
Operating Systems: All platforms running SAP Host Agent
Default Config Vulnerable: ⚠️ Yes
Notes: Requires attacker to have authenticated non-admin access and local network access to SAP Host Agent ports.

📦 What is this software?

Host Agent by Sap

View all CVEs affecting Host Agent →

Host Agent by Sap

View all CVEs affecting Host Agent →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise with administrative command execution leading to data theft, system destruction, or ransomware deployment.

🟠

Likely Case

Privilege escalation from authenticated user to administrator leading to data exfiltration or system manipulation.

🟢

If Mitigated

Limited impact due to network segmentation and strict access controls preventing local access to vulnerable ports.

🌐 Internet-Facing: LOW (requires local access to server ports, not typically internet-exposed)
🏢 Internal Only: HIGH (authenticated internal users can exploit this for privilege escalation)

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires crafting a ConfigureOutsideDiscovery request with OS commands. Authentication as non-admin user is required.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply SAP Note 3285757 patches

Vendor Advisory: https://launchpad.support.sap.com/#/notes/3285757

Restart Required: Yes

Instructions:

1. Download patches from SAP Note 3285757. 2. Apply patches to affected SAP Host Agent installations. 3. Restart SAP Host Agent services.

🔧 Temporary Workarounds

Network Segmentation

all

Restrict access to SAP Host Agent ports to only trusted administrative systems

Use firewall rules to block non-admin access to SAP Host Agent ports (default 1128-1129)

Access Control

all

Limit user accounts with access to SAP Host Agent services

Review and restrict user permissions for SAP Host Agent access

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate SAP Host Agent ports from non-admin users
  • Monitor for unusual ConfigureOutsideDiscovery requests in SAP Host Agent logs

🔍 How to Verify

Check if Vulnerable:

Check SAP Host Agent version using 'saphostexec -version' and verify if running 7.21 or 7.22

Check Version:

saphostexec -version

Verify Fix Applied:

Verify patch application by checking version after applying SAP Note 3285757 and confirming version is updated

📡 Detection & Monitoring

Log Indicators:

  • Unusual ConfigureOutsideDiscovery requests in SAP Host Agent logs
  • Commands executed with unexpected privileges

Network Indicators:

  • Unauthorized access attempts to SAP Host Agent ports (1128-1129)
  • Suspicious network traffic to SAP Host Agent services

SIEM Query:

source="sap_host_agent" AND (event="ConfigureOutsideDiscovery" OR command_execution)

📊 Metadata

CVE ID: CVE-2023-24523
CVSS v3 Score: 8.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CWE: CWE-668
Published: February 14, 2023
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-24523, you might also want to check these:

CVE-2025-15114 9.8

This critical vulnerability in Ksenia Security Lares 4.0 Home Automation version 1.6 exposes the ala...

Same vulnerability type (CWE-668)
CVE-2021-27236 9.8

This vulnerability in Mutare Voice (EVM) allows unauthenticated attackers to include local files via...

Same vulnerability type (CWE-668)
CVE-2022-24074 9.8

CVE-2022-24074 is a critical vulnerability in Whale Browser's default Whale Bridge extension that al...

Same vulnerability type (CWE-668)