Flaws in FileWave MDM could have allowed hacking +1000 orgs
Security Affairs

Multiple flaws in the FileWave mobile device management (MDM) product exposed organizations to cyberattacks.

Claroty researchers discovered two vulnerabilities in the FileWave MDM product that exposed more than one thousand organizations to cyber attacks. FileWave MDM is used by organizations to view and manage device configurations, locations, security settings, and other device data. An organization may use the MDM platform to push mandatory software and updates to devices, change device settings, lock devices and, when necessary, remotely wipe them.

The now patched vulnerabilities are an authentication bypass issue tracked as CVE-2022-34907 and a hardcoded cryptographic key tracked as CVE-2022-34906. Both issues reside in FileWave MDM before version 14.6.3 and in 14.7.x prior to 14.7.2. FileWave addressed the vulnerabilities in version 14.7.2 earlier this month.
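For a defender doing exposure triage, the first question is simply whether an installed build falls inside the affected ranges quoted above. The following is an added example (not code from Claroty, FileWave or this article) that encodes those two ranges, before 14.6.3 and 14.7.x before 14.7.2, as version comparisons and runs them over a constructed inventory. The hostnames are made up, and the code assumes that builds at or after 14.6.3 on the 14.6 line and any release at or after 14.7.2 are fixed, which is how the article states the ranges.

```python
"""Check whether a FileWave MDM version string falls inside the ranges the
article lists as affected by CVE-2022-34906 and CVE-2022-34907.

Affected (as stated in the article): every release before 14.6.3, and the
14.7.x line prior to 14.7.2. Version 14.7.2 is the fix release.
"""
import re
from typing import Dict, List, Tuple

# Fix boundaries taken from the article; both are exclusive upper bounds.
FIX_14_6 = (14, 6, 3)
FIX_14_7 = (14, 7, 2)

# Constructed sample inventory (hypothetical hostnames and versions).
SAMPLE_INVENTORY: Dict[str, str] = {
    "mdm-a.example.internal": "14.7.1",
    "mdm-b.example.internal": "14.6.3",
    "mdm-c.example.internal": "14.5.2",
    "mdm-d.example.internal": "14.7.2 (build 1234)",
}


def parse_version(text: str) -> Tuple[int, int, int]:
    """Parse a leading dotted numeric version such as '14.7.1' into a tuple.

    Anything after the numeric part (e.g. a build suffix) is ignored; a
    missing patch component is treated as 0. Raises ValueError on garbage
    so a malformed inventory entry is never silently treated as safe.
    """
    m = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"not a version string: {text!r}")
    major, minor, patch = m.group(1), m.group(2), m.group(3) or "0"
    return (int(major), int(minor), int(patch))


def is_affected(version: str) -> bool:
    """True if the version is inside either affected range from the article.

    Assumption: releases on the 14.6 line at or after 14.6.3, and anything
    at or after 14.7.2, are fixed.
    """
    v = parse_version(version)
    if v[:2] == (14, 7):
        return v < FIX_14_7
    return v < FIX_14_6


def triage(inventory: Dict[str, str]) -> List[str]:
    """Return the sorted list of hosts running an affected build."""
    return sorted(host for host, ver in inventory.items() if is_affected(ver))


if __name__ == "__main__":
    for host in triage(SAMPLE_INVENTORY):
        print(f"{host}: {SAMPLE_INVENTORY[host]} is affected, upgrade to 14.7.2")
```

Feeding the real inventory into `triage()` gives the patch list; hosts whose version string does not parse raise rather than pass, which is the safer failure mode for this kind of check.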

A remote attacker can trigger the vulnerabilities to bypass authentication and gain full control over the MDM platform and its managed devices.

The authentication bypass vulnerability can allow a remote attacker to achieve “super_user” access and take full control of the MDM installation, then use it to manage any device of the target organization.

“During our research, we were able to identify a critical flaw in the authentication process of the FileWave MDM product suite, allowing us to create an exploit that bypasses authentication requirements in the platform and achieves super_user access (the platform’s most privileged user),” reads the analysis published by Claroty. “By exploiting this authentication bypass vulnerability, we were able to take full control over any internet-connected MDM instance.”

The researchers discovered more than 1,100 organizations in multiple industries using the flawed MDM.

In order to demonstrate the CVE-2022-34907 flaw, the experts created a standard FileWave setup and enrolled six devices of their own. They used the vulnerability to leak data about all of the devices managed by that instance of the MDM server.

“Lastly, using regular MDM functionality which allows IT administrators to install packages and software on managed devices, we installed malicious packages on each controlled device, popping a fake ransomware virus on each of those managed devices. Doing so, we demonstrated how a potential attacker can leverage FileWave’s capabilities in order to take control over different managed devices,” reads the post published by Claroty.

The researchers demonstrated how to exploit the flaw to install ransomware on the devices managed by the instance they had compromised.

“This exploit, if used maliciously, could allow remote attackers to easily attack and infect all internet-accessible instances managed by the FileWave MDM, below, allowing attackers to control all managed devices, gaining access to users’ personal home networks, organizations’ internal networks, and much more,” concludes Claroty.


Pierluigi Paganini
