Critical FileWave MDM Flaws Open Organization-Managed Devices to Remote Hackers

FileWave’s mobile device management (MDM) system has been found vulnerable to two critical security flaws that could be leveraged to carry out remote attacks and seize control of a fleet of devices connected to it.

“The vulnerabilities are remotely exploitable and enable an attacker to bypass authentication mechanisms and gain full control over the MDM platform and its managed devices,” Claroty security researcher Noam Moshe said in a Monday report.

FileWave MDM is a cross-platform mobile device management solution that allows IT administrators to manage and monitor all of an organization’s devices, including mobile phones, tablets, laptops, workstations, and smart TVs.

The platform functions as a channel to push mandatory software and updates, change device settings, and even remotely wipe devices, all of which is delivered from a central server.

The two issues identified by the operational technology firm relate to an authentication bypass (CVE-2022-34907) and the use of a hard-coded cryptographic key (CVE-2022-34906) that could permit an attacker to abuse the legitimate features to exfiltrate sensitive data and install malicious packages.

Claroty said it discovered more than 1,100 vulnerable internet-facing FileWave servers belonging to government, education, and large enterprise sectors, each containing an “unrestricted number of managed devices.”

Should the weaknesses be successfully exploited, a remote adversary could gain unauthorized privileged access to the internet-accessible instances and commandeer the managed devices, granting carte blanche access to all the digital assets in the network.

“This enables us to control all of the servers’ managed devices, exfiltrate all sensitive data being held by the devices, including usernames, email addresses, IP addresses, geo-location etc., and install malicious software on managed devices,” Moshe explained.

Following responsible disclosure, the issues were addressed in version 14.7.2 released on July 14, 2022. Users of FileWave are urged to apply the update as soon as possible to avoid becoming a victim of an attack.

The findings once again underscore the need to secure endpoint management products in the software supply chain. Last year, the REvil cybercrime gang abused a then-zero-day flaw in Kaseya’s IT management solution to deploy ransomware against 1,500 downstream businesses.

Found this article interesting? Follow THN on Facebook, Twitter  and LinkedIn to read more exclusive content we post.