FileWave’s Mobile Device Management (MDM) system was found to contain two critical vulnerabilities that could be exploited to conduct remote attacks and take control of a fleet of connected devices.
“The vulnerabilities are remotely exploitable and allow an attacker to bypass authentication mechanisms and gain full control over the MDM platform and its managed devices,” Noam Moshe, security researcher at Claroty, said in a Monday report.
FileWave MDM is a cross-platform mobile device management solution that enables IT administrators to manage and monitor all of an organization’s devices, including mobile phones, tablets, laptops, workstations and smart TVs.
The platform acts as a channel to push mandatory software and updates, change device settings and even wipe devices remotely, all served from a central server.
The two issues identified by the operational technology company relate to an authentication bypass (CVE-2022-34907) and the use of a hard-coded cryptographic key (CVE-2022-34906), which could allow an attacker to misuse legitimate functions to exfiltrate sensitive data and install malicious packages.
Claroty said it discovered more than 1,100 vulnerable internet-facing FileWave servers from government, educational institutions and large enterprises, each containing an “unlimited number of managed devices.”
Should the vulnerabilities be successfully exploited, a remote attacker could gain unauthorized privileged access to the web-facing instances and seize the managed devices, granting carte blanche to access all digital assets on the network.
“This allows us to control all managed devices of the servers, exfiltrate all sensitive data stored by the devices including usernames, email addresses, IP addresses, geo-location, etc., and install malicious software on managed equipment,” Moshe explained.
After responsible disclosure, the issues have been addressed in version 14.7.2, released July 14, 2022. FileWave users are urged to install the update as soon as possible to avoid becoming a victim of an attack.
The findings once again underscore the need to secure endpoint management products in the software supply chain. Last year, the REvil cybercrime gang abused a then zero-day bug in Kaseya’s IT management solution to deploy ransomware against 1,500 downstream companies.