FileWave MDM vulnerabilities put organizations’ devices at risk of cyberattacks

 


Cybersecurity researchers at Claroty have warned of two high-risk flaws affecting FileWave’s mobile device management (MDM) system, which is used across a wide range of devices, including iOS and Android smartphones, macOS and Windows tablets, laptops and workstations, and smart devices.

FileWave MDM allows IT administrators to view and manage device configurations, locations, security settings, and other device data.

The flaws, tracked as CVE-2022-34907 and CVE-2022-34906, are remotely exploitable and allow an attacker to bypass authentication mechanisms and gain full control over the MDM platform and its managed devices.

CVE-2022-34907 is an authentication bypass flaw, while CVE-2022-34906 exists due to the presence of a hard-coded cryptographic key. Both issues affect FileWave versions 14.6.0 - 14.7.1 and have been addressed by the vendor with the release of FileWave version 14.7.2.

“An attacker who is able to compromise the MDM would be in a powerful position to control all managed devices, allowing the attacker to exfiltrate sensitive data such as a device’s serial number, the user’s email address and full name, address, geo-location coordinates, IP address, device PIN codes, and much more. Furthermore, attackers could abuse legitimate MDM capabilities to install malicious packages or executables, and even gain access to the device directly through remote control protocols,” Claroty explained.

The researchers said they identified thousands of vulnerable internet-facing FileWave servers in numerous industries, including government agencies, education, and large enterprises. They have also demonstrated a proof-of-concept attack that compromises the FileWave MDM and infects each managed device with fake ransomware.

