Two security flaws found in FileWave MDM – Technologist
Researchers from Claroty revealed last Monday two security flaws found in FileWave’s mobile device management (MDM) system, impacting at least 1,100 organisations such as government agencies, education, and large enterprises.
FileWave MDM is a multi-platform mobile device management solution that allows IT administrators to manage, monitor, and view all of an organisation’s devices. Currently, FileWave MDM supports a wide range of devices, from iOS and Android smartphones, MacOS and Windows tablets, laptops and workstations, and smart devices such as televisions.
Through FileWave MDM, IT administrators can view and manage device configurations, locations, security settings, and other device data. They may use the MDM platform to push mandatory software and updates to devices, change device settings, lock, and, when necessary, remotely wipe devices. In order to do so, all managed devices report to the main server at set intervals, and in return, the server can issue commands to the device via file packages, software, and more.
FileWave has developed a patch to fix the vulnerabilities in a recent update and has reached out to affected customers.
At risks of remote attacks
The security flaws in FileWave MDM, discovered by Claroty’s research arm Team82, allow full offsite control of the MDM platform and the devices that it manages.
“An attacker who is able to compromise the MDM would be in a powerful position to control all managed devices, allowing the attacker to exfiltrate sensitive data such as a device’s serial number, the user’s email address and full name, address, geo-location coordinates, IP address, device PIN codes, and much more,” said Noam Moshe, vulnerability researcher at Claroty, in a blog posted last Monday.
“Attackers could abuse legitimate MDM capabilities to install malicious packages or executables, and even gain access to the device directly through remote control protocols,” he added.
The first vulnerability identified as CVE-2022-34907 is an authentication bypass that enables total control of internet-exposed MDM instances before proceeding to compromise other FileWave using devices to facilitate data exfiltration and malware delivery.
“This exploit, if used maliciously, could allow remote attackers to easily attack and infect all internet-accessible instances managed by the FileWave MDM, below, allowing attackers to control all managed devices, gaining access to users’ personal home networks, organisations’ internal networks, and much more,” said Moshe.
The other vulnerability, CVE-2022-34906, exits again within FileWave MDM and was a hard-coded cryptographic key.
AiTM Attacks | Cyber Security Training & Best Practice – Technologist
Guide for Optimizing Business Communication With Advanced Phone System Features – Technologist
New sensing tech to make smart buildings adaptive to the new normal – Technologist
About The Author
admin
Azeem Rajpoot, the author behind Technolo Gist, is a passionate tech enthusiast with a keen interest in exploring and sharing insights about the rapidly evolving world of technology. With a background in Technologist, Azeem brings a unique perspective to the blog, offering in-depth analyses, reviews, and thought-provoking articles. Committed to making technology accessible to all, Azeem strives to deliver content that not only keeps readers informed about the latest trends but also sparks curiosity and discussions. Follow Azeem on this exciting tech journey to stay updated and inspired.
