Critical Filewave MDM Vulnerabilities Allow Attackers Full Mobile Device Control

Published: 23/11/2024   Category: security


Two previously unknown critical vulnerabilities within FileWave's multiplatform MDM system could grant malicious actors access to the platform's most privileged user account.



Two vulnerabilities in FileWave's multiplatform mobile device management (MDM) system would have allowed malicious actors to bypass authentication mechanisms, taking control of the platform and the devices linked to it.
FileWave's MDM platform allows admins to push software updates to devices, lock them, or even remotely wipe them.
A report from Claroty's Team82 takes a closer look at CVE-2022-34907, an authentication bypass flaw, and CVE-2022-34906, a hard-coded cryptographic key — vulnerabilities that FileWave addressed with a recent update.
According to the report, the researchers discovered more than 1,100 different instances of vulnerable Internet-facing FileWave MDM servers across multiple industries, including in large enterprises, education, and government agencies.
The platform's MDM Web server, written in Python, is a key component that allows the admin to interact with the devices and receive information from them.
Since this service should be accessible to mobile devices at all times, it is usually exposed to the Internet, and handles both clients’ and admins’ requests, according to the report. Its connectivity makes it a primary target in our research on this platform.
One of the back-end services on the server, the scheduler service, which schedules and executes specific tasks required by the MDM platform, uses a hard-coded shared secret function to grant access to the super_user account — the platform’s most privileged user.
"If we know the shared secret and supply it in the request, we do not need to supply a valid user's token or know the user's username and password," the report says.
Also, by exploiting the authentication-bypass vulnerability, the team was able to achieve super_user access and take full control over any Internet-connected MDM instance.
In a proof-of-concept exploit, the team was able to push a malicious package to all the devices in the system and then execute remote code to install fake ransomware across all of them.
"This exploit, if used maliciously, could allow remote attackers to easily attack and infect all Internet-accessible instances managed by the FileWave MDM, ... allowing attackers to control all managed devices, gaining access to users' personal home networks, organizations' internal networks, and much more," according to the Monday report.
Users should apply the patches as soon as possible to avoid becoming a victim of an attack, researchers warn.
There has been a rise in attacks against endpoint management products in recent years, including one of the more high-profile attacks targeting the Kaseya VSA. In that attack, automation allowed a REvil ransomware gang affiliate to move from exploitation of vulnerable servers to installing ransomware on downstream customers faster than most defenders could react.
While mobile attacks have been occurring for years, the threat is rapidly evolving into sophisticated malware families with novel features, with attackers deploying malware with full remote access capabilities, modular design, and worm-like characteristics, posing significant threats to users and their organizations.
Meanwhile, a survey released earlier this month by Adaptiva and the Ponemon Institute revealed that the average enterprise now manages approximately 135,000 endpoint devices — a rapidly proliferating attack surface.
Organizations can improve endpoint management by implementing zero-trust policies for greater control, and by using bring-your-own-device (BYOD) security and MDM tools. But they must also take proactive steps such as keeping apps current and training staff to keep sensitive company data safe and employees' devices secure.
In addition, Claroty notes that creating temporary keys that are not stored in central repositories and that time out automatically could improve endpoint and MDM security, even for small businesses.
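The two patterns the article contrasts, a single hard-coded shared secret that unlocks the most privileged account versus short-lived keys that are generated locally and time out, as an added Python illustration written for this page (it is not FileWave's or Claroty's code; the function names, token format, role names and the 300-second lifetime are assumptions):

```python
import hashlib
import hmac
import os
import time
from typing import Optional

# Weak pattern (constructed example): one long-lived constant baked into the
# service grants super_user to anyone who presents it. There is no identity,
# no expiry and no way to revoke it short of shipping a new build.
HARDCODED_SHARED_SECRET = "constructed-example-secret"  # not a real secret


def weak_is_super_user(presented_secret: str) -> bool:
    return presented_secret == HARDCODED_SHARED_SECRET


# Hardened pattern (assumed design): a per-deployment signing key created at
# startup and never written to a shared repository, used to mint scoped tokens
# that carry their own expiry. Knowing yesterday's token buys nothing.
SIGNING_KEY = os.urandom(32)
TOKEN_TTL_SECONDS = 300


def _mac(payload: str) -> str:
    return hmac.new(SIGNING_KEY, payload.encode(), hashlib.sha256).hexdigest()


def issue_token(username: str, role: str, now: Optional[float] = None) -> str:
    now = time.time() if now is None else now
    payload = f"{username}:{role}:{int(now) + TOKEN_TTL_SECONDS}"
    return f"{payload}:{_mac(payload)}"


def verify_token(token: str, now: Optional[float] = None) -> Optional[dict]:
    """Return the claims if the MAC is valid and the token has not timed out."""
    now = time.time() if now is None else now
    try:
        username, role, expires, tag = token.split(":")
        expires_at = int(expires)
    except ValueError:          # malformed token: wrong field count or expiry
        return None
    if not hmac.compare_digest(_mac(f"{username}:{role}:{expires}"), tag):
        return None             # tampered or forged (constant-time compare)
    if now >= expires_at:
        return None             # timed out automatically, as the article suggests
    return {"username": username, "role": role, "expires": expires_at}


def is_super_user(token: str, now: Optional[float] = None) -> bool:
    claims = verify_token(token, now)
    return claims is not None and claims["role"] == "super_user"
```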
