Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2014-0984: SAP Router vulnerability

CWE-264 | 4 documents | 4 sources
Severity
4.3 MEDIUM (NVD)
EPSS
9.0%
top 7.38%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
Published: Apr 17
Latest update: May 14

Description

The passwordCheck function in SAP Router 721 patch 117, 720 patch 411, 710 patch 029, and earlier terminates validation of a Route Permission Table entry password upon encountering the first incorrect character, which allows remote attackers to obtain passwords via a brute-force attack that relies on timing differences in responses to incorrect password guesses, aka a timing side-channel attack.
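The early-termination behaviour described above, next to a comparison whose work does not depend on where the first mismatch occurs. This is an added illustration, not SAP Router code: the function names, the `work` counter (a deterministic stand-in for response time) and the sample password are all constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins, not SAP Router code. Each function reports the
 * number of byte comparisons it performed through *work, a deterministic
 * proxy for the response-time difference the description refers to. */

/* Flawed pattern: validation stops at the first incorrect character. */
int check_early_exit(const char *stored, const char *guess, size_t *work)
{
    *work = 0;
    for (size_t i = 0;; i++) {
        (*work)++;
        if (stored[i] != guess[i])
            return 0;           /* work grows with the matching prefix */
        if (stored[i] == '\0')
            return 1;
    }
}

/* Hardened pattern: every byte of the guess is examined and differences are
 * accumulated, so the work depends only on the guess length. */
int check_constant_time(const char *stored, const char *guess, size_t *work)
{
    size_t slen = strlen(stored), glen = strlen(guess);
    unsigned char diff = (unsigned char)(slen != glen);
    *work = 0;
    for (size_t i = 0; i < glen; i++) {
        unsigned char s = (unsigned char)stored[slen ? i % slen : 0];
        diff |= (unsigned char)(s ^ (unsigned char)guess[i]);
        (*work)++;
    }
    return diff == 0;
}

int main(void)
{
    const char *stored = "S3cret!";   /* constructed sample value */
    const char *guesses[] = { "Axxxxxx", "S3cxxxx", "S3cret!" };
    for (size_t g = 0; g < 3; g++) {
        size_t we, wc;
        int re = check_early_exit(stored, guesses[g], &we);
        int rc = check_constant_time(stored, guesses[g], &wc);
        printf("%-8s early: ok=%d work=%zu | constant: ok=%d work=%zu\n",
               guesses[g], re, we, rc, wc);
    }
    return 0;
}
```

Both functions agree on accept or reject; only the early-exit version does more work as more leading characters of the guess are correct.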

CVSS vector

AV:N/AC:M/C:P/I:N/A:N
Exploitability: 8.6 | Impact: 2.9

Affected Packages (1 package)

NVD: sap/router 710, 720, 721 (+2)

🔴Vulnerability Details

2
GHSA
GHSA-2gr2-w7w7-3x6x: The passwordCheck function in SAP Router 721 patch 117, 720 patch 411, 710 patch 029, and earlier terminates validation of a Route Permission Table en (2022-05-14)
CVEList
CVE-2014-0984: The passwordCheck function in SAP Router 721 patch 117, 720 patch 411, 710 patch 029, and earlier terminates validation of a Route Permission Table en (2014-04-17)

💥Exploits & PoCs

1
Exploit-DB
SAP Router - Timing Attack Password Disclosure (2014-04-17)