FileWave MDM Vulnerabilities Leave 1000+ Organizations Exposed to Remote Cyberattacks

Claroty researchers have recently published their findings on the FileWave MDM product. According to their research, the mobile device management (MDM) service developed and maintained by FileWave was affected by two vulnerabilities that would have exposed more than 1000 customers to remote attacks. The flaws have been addressed, and FileWave voluntarily reached out to its customer base to inform them of the risks and urge them to apply the latest security patch.

FileWave MDM Vulnerabilities Exposed Organizations to Data Breaches and Ransomware Attacks

Per Claroty’s report, the two vulnerabilities discovered in FileWave’s MDM might have impacted 1,100 organizations, including governmental institutions, corporations, and educational facilities, leaving them exposed to ransomware attacks and data leaks. The issues in question – CVE-2022-34907 and CVE-2022-34906 – were addressed at the beginning of July. FileWave’s fix for both vulnerabilities is now available in version 14.7.2 of the MDM product. As part of their research into FileWave, Claroty provided a functional proof-of-concept that showcased how threat actors could easily leverage the two flaws.

What Are CVE-2022-34907 and CVE-2022-34906?

CVE-2022-34907 is an authentication bypass issue that could have been leveraged to trigger an anomalous output, thus allowing the threat actor to circumvent security. Moreover, according to Claroty, triggering this response also granted the attacker super_user privileges (i.e., the highest type of privilege a user can obtain in FileWave’s product), allowing them to move unhindered through the entire system. The flaw is also useful for reconnaissance: the attacker could easily gather information on all of the machines connected to the FileWave environment and deploy specific tools in order to reach their objectives.

The second flaw identified by the researchers (i.e., CVE-2022-34906) is an information disclosure vulnerability that was traced to a hardcoded cryptographic key. Had the flaw been exploited successfully, it would have granted a threat actor the ability to decrypt sensitive information stored in FileWave’s database. Furthermore, the vulnerability could also have been leveraged to send crafted packets to all of the machines enrolled in the MDM.

Research indicates that both identified vulnerabilities affected web servers running FileWave versions from 14.6.3 to 14.7.2. The latest version of the MDM fixes both issues. As a result of the team’s findings, FileWave has reached out to all customers, urging them to deploy the patch as soon as possible. So far, none of the organizations using FileWave MDM have reported breaches or malware.

How Can Heimdal™ Help?

One of the most common attack surfaces threat actors target is code vulnerabilities. This can be easily addressed via patching, automatic patching to be more precise. Heimdal™ offers an automatic patching solution in the form of Patch & Asset Management that will help you identify and seal off any vulnerable spots. Our solution boasts full patching and updating support for Microsoft Windows, Linux, and macOS. Automate your workflows regardless of your environment or type of patch (i.e., OS essential, security, 3rd party or optional).

If you liked this article, follow us on LinkedIn, Twitter, Facebook, YouTube and Instagram for more cybersecurity news and topics.
