Critical FileWave MDM Flaws Open Organization-Managed Devices to Remote Hackers


FileWave’s mobile device management (MDM) system has been shown to be vulnerable to two critical security flaws that could be exploited to carry out remote attacks and take control of a fleet of devices connected to it.

“The vulnerabilities are remotely exploitable and allow an attacker to bypass authentication mechanisms and gain full control over the MDM platform and its managed devices,” said Noam Moshe, security researcher at Claroty, in a report released Monday.

FileWave MDM is a cross-platform mobile device management solution that allows IT administrators to manage and monitor all devices in an organization, including mobile phones, tablets, laptops, workstations, and smart TVs.

The platform works as a channel to push software and mandatory updates, change device settings, and even remotely wipe devices, all delivered from a central server.

The two issues identified by the tech company relate to an authentication bypass (CVE-2022-34907) and the use of a hard-coded cryptographic key (CVE-2022-34906) that could allow an attacker to abuse legitimate features to exfiltrate sensitive data and install malicious packages.

Claroty said it discovered more than 1,100 vulnerable Internet-accessible FileWave servers from the government, education, and large enterprise sectors, each containing an “unlimited number of managed devices.”

If the weaknesses were successfully exploited, a remote adversary could gain unauthorized privileged access to internet-facing instances and commandeer managed devices, granting carte blanche to all digital assets in the network.

“This allows us to control all managed devices from servers, exfiltrate all sensitive data held by devices, including usernames, email addresses, IP addresses, geolocation, etc., and install malware on managed devices,” Moshe explained.

Following responsible disclosure, the issues were resolved in version 14.7.2 released on July 14, 2022. FileWave users are advised to apply the update as soon as possible to avoid falling victim to an attack.

The findings again underscore the need for securing endpoint management products in the software supply chain. Last year, the cybercrime gang REvil abused a zero-day flaw in Kaseya’s IT management solution to deploy ransomware against 1,500 downstream companies.

