VYPR
Medium severity · 5.4 · NVD Advisory · Published Sep 10, 2024 · Updated Apr 15, 2026

CVE-2024-45285

Description

The RFC-enabled function module allows a low-privileged user to perform denial of service on any user and also change or delete favourite nodes. By sending a crafted packet in the function module targeting specific parameters, the specific targeted user will no longer have access to any functionality of SAP GUI. There is low impact on integrity and availability of the application.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A low-privileged SAP user can trigger a denial of service on any target user and modify or delete their favorite nodes via a crafted RFC function module.

Vulnerability

Analysis

CVE-2024-45285 affects an RFC-enabled function module in SAP systems, allowing a low-privileged attacker to perform a denial of service on any targeted user. The root cause is insufficient authorization checks within the function module, which processes specific parameters from a crafted packet. By exploiting this flaw, the attacker can disrupt the targeted user's access to SAP GUI functionalities entirely. Additionally, the vulnerability permits the attacker to change or delete the target user's favorite nodes, further compromising the user interface and workflow [1].

Exploitation

To exploit this vulnerability, an attacker only needs low privileges on the SAP system and the ability to send crafted RFC packets to the vulnerable function module. No special network position or authentication bypass is required—standard RFC access with minimal rights is sufficient. The attack does not require user interaction from the victim; the crafted packet directly targets the victim's session or user context [1].

Impact

Successful exploitation results in a complete denial of service for the targeted user, who will lose access to all SAP GUI functionalities. The integrity impact is limited but tangible, as the attacker can modify or delete the user's favorite nodes, altering their personalized interface. Availability is the primary concern, with low integrity impact also noted. The CVSS v3 score of 5.4 reflects these moderate effects [1].

Mitigation

SAP has addressed this vulnerability in its Security Patch Day release. Administrators should apply the relevant SAP Security Note to protect their systems. As with all SAP security notes, implementation is recommended to prevent exploitation. There are no workarounds mentioned; patching is the definitive mitigation [1].

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Patches

0

No patches discovered yet.

References

2
