← back
CVE-2012-2611

CVE-2012-2611

EPSS 41.9%
The DiagTraceR3Info function in the Dialog processor in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2, when a certain Developer Trace configuration is enabled, allows remote attackers to execute arbitrary code via a crafted SAP Diag packet.
Affected products
n/a · n/a
public PoCs found3
exploitdbwww.exploit-db.com/exploits/20705unverifiedexploitdbwww.exploit-db.com/exploits/18853unverifiedexploitdbwww.exploit-db.com/exploits/21034unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://scn.sap.com/docs/DOC-8218https://service.sap.com/sap/support/notes/1687910http://www.coresecurity.com/content/sap-netweaver-dispatcher-multiple-vulnerabilitieshttp://www.securitytracker.com/id?1027052