SELECTED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP
Title: SAP systems vulnerability could allow adversaries to create new user accounts, execute code
Description: The U.S. Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) released a warning last week urging SAP admins to update their systems as soon as possible to fix a critical vulnerability. CVE-2020-6287 affects the SAP NetWeaver Application Server's Java component LM Configuration Wizard. An attacker could exploit this bug to obtain unrestricted access to SAP systems, allowing them to create their own user accounts and executing arbitrary system commands.
Snort SIDs: 54571 - 54574
Title: Cisco discloses 33 vulnerabilities in small business routers, firewalls
Description: Cisco disclosed 33 vulnerabilities in their RV series of routers and firewalls earlier this month. The products mainly service small business environments. One of the bugs, CVE-2020-3330, could allow an adversary to completely take over a device if the user hadn't reset the default admin credentials that came pre-installed on the device. There is also a critical privilege escalation vulnerability in Prime License Manager.
Snort SIDs: 54538 - 54567