Critical FileWave MDM Flaws Open Organization-Managed Devices to Remote Hackers

FileWave’s mobile device management (MDM) system has been found vulnerable to two critical security flaws that could be leveraged to carry out remote attacks and seize control of a fleet of devices connected to it.

“The vulnerabilities are remotely exploitable and enable an attacker to bypass authentication mechanisms and gain full control over the MDM platform and its managed devices,” Claroty security researcher Noam Moshe said in a Monday report.

FileWave MDM is a cross-platform mobile device management solution that allows IT administrators to manage and monitor all of an organization’s devices, including mobile phones, tablets, laptops, workstations, and smart TVs.

The platform functions as a channel to push mandatory software and updates, change device settings, and even remotely wipe devices, all of which is delivered from a central server.

The two issues identified by the operational technology firm are an authentication bypass (CVE-2022-34907) and the use of a hard-coded cryptographic key (CVE-2022-34906), which could permit an attacker to abuse the platform's legitimate features to exfiltrate sensitive data and install malicious packages.

Claroty said it discovered more than 1,100 vulnerable internet-facing FileWave servers belonging to government, education, and large enterprise sectors, each containing an “unrestricted number of managed devices.”

Should the weaknesses be successfully exploited, a remote adversary could gain unauthorized privileged access to the internet-accessible instances and commandeer the managed devices, granting carte blanche access to all the digital assets in the network.

“This enables us to control all of the servers’ managed devices, exfiltrate all sensitive data being held by the devices, including usernames, email addresses, IP addresses, geo-location etc., and install malicious software on managed devices,” Moshe explained.

Following responsible disclosure, the issues were addressed in version 14.7.2 released on July 14, 2022. Users of FileWave are urged to apply the update as soon as possible to avoid becoming a victim of an attack.

The findings once again underscore the need to secure endpoint management products in the software supply chain. Last year, the REvil cybercrime gang abused a then-zero-day flaw in Kaseya’s IT management solution to deploy ransomware against 1,500 downstream businesses.

