FileWave’s mobile device management (MDM) system has been found vulnerable to two critical security flaws that could be leveraged to carry out remote attacks and seize control of a fleet of devices connected to it.
“The vulnerabilities are remotely exploitable and allow an attacker to bypass authentication mechanisms and gain full control over the MDM platform and its managed devices,” Claroty security researcher Noam Moshe said in a Monday report.
FileWave MDM is a cross-platform mobile device management solution that allows IT administrators to manage and monitor all of an organization’s devices, including mobile phones, tablets, laptops, workstations, and smart TVs.
The platform functions as a channel to push mandatory software and updates, change device settings, and even remotely wipe devices, all of which is delivered from a central server.
The two issues identified by the operational technology firm relate to an authentication bypass (CVE-2022-34907) and the use of a hard-coded cryptographic key (CVE-2022-34906) that could enable an attacker to abuse the legitimate features to exfiltrate sensitive data and install malicious packages.
Claroty said it found more than 1,100 vulnerable internet-facing FileWave servers belonging to government, education, and large enterprise sectors, each containing an “unrestricted number of managed devices.”
Should the weaknesses be successfully exploited, a remote adversary could gain unauthorized privileged access to the internet-accessible instances and commandeer the managed devices, granting carte blanche access to all the digital assets in the network.
“This allows us to manage all the servers’ managed devices, exfiltrate all sensitive data being held by the devices, including usernames, email addresses, IP addresses, geo-location etc., and install malicious software on managed devices,” Moshe explained.
Following responsible disclosure, the issues were addressed in version 14.7.2, released on July 14, 2022. Users of FileWave are urged to apply the update as soon as possible to avoid becoming a victim of an attack.
The findings once again underscore the need to secure endpoint management products in the software supply chain. Last year, the REvil cybercrime gang abused a then-zero-day flaw in Kaseya’s IT management solution to deploy ransomware against 1,500 downstream businesses.