CVE-2022-27668: 
NixOS vulnerability analysis and mitigation

CVE-2022-27668 is a critical vulnerability in SAP NetWeaver and ABAP Platform that was discovered in March 2022 and publicly disclosed in June 2022. The vulnerability affects multiple versions including KERNEL 7.49, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.49, KRNL64UC 7.49, SAP_ROUTER 7.53, and 7.22. It allows an unauthenticated attacker to execute SAProuter administration commands from a remote client, potentially impacting system availability (NVD, SecurityWeek).

The vulnerability stems from improper access control in the SAProuter component. According to security researchers, the issue arises when the route permission table in the 'saprouttab' file is configured with permissive settings. The vulnerability has a CVSS v3.1 base score of 9.8 (Critical), with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. The flaw allows attackers to bypass protection mechanisms and execute administration commands on systems connected to the SAPRouter, even without authentication (SecurityWeek, FullDisclosure).

The vulnerability enables attackers to execute unauthorized administrative functions such as stopping the remote SAProuter instance, displaying connection information, switching trace level, or terminating specific connections. This can lead to significant system availability issues and potential disruption of business operations (FullDisclosure).

SAP has released patches to address this vulnerability in Security Note 3158375. As a workaround, administrators should remove any wildcard (*) values in the target host or IP address directive in route permission table saprouttab entries 'P' and 'S'. It is recommended to avoid using wildcard values in the route permission table saprouttab entirely (FullDisclosure).