SAP ICMAD Exploit CVE-2022-22536
Affects the Internet Communication Manager (ICM)
- ICMAD stands for Internet Communication Manager Advanced Desync
This is a memory pipes desynchronization vulnerability. MPI (memory pipes) are memory structures used for communication between the ICM (Internet Communication Manager) and the work processes (ABAP, Java). A simple HTTP request in an unauthenticated scenario could lead to a full system takeover, which explains why it is rated CVSS 10.0.
Brief Introduction to SAP and ERP
- SAP: Systems Applications and Products in Data Processing
- ERP: Enterprise Resource Planning
- https://www.guru99.com/what-is-sap-definition-of-sap-erp-software.html
Blog Posts
- https://blogs.sap.com/2022/02/08/sap-partners-with-onapsis-to-identify-and-patch-cybersecurity-vulnerabilities/
- https://threatpost.com/sap-patches-severe-icmad-bugs/178344/
- https://onapsis.com/threat-report/icmad-sap-vulnerabilities [ PDF ]
- https://thecyphere.com/blog/icmad-sap-vulnerability/
Proof of Concept Exploit Scanners
- https://github.com/Onapsis/onapsis_icmad_scanner/blob/master/src/ICMAD_scanner.py
- https://github.com/antx-code/CVE-2022-22536
HTTP Request Smuggling
https://book.hacktricks.xyz/pentesting-web/http-request-smuggling#probing-http-request-smuggling-vulnerabilities
