Claroty cyber-researchers have recently published their findings in the case of the FileWave MDM product. According to the outline of their research, the mobile device management (MDM) service developed and curated by MDM was affected by two vulnerabilities that would have exposed more than 1000 customers to remote attacks. The flaws in question have been addressed, FileWave voluntarily reached out to its customer base in order to inform them of the risks and, at the same time, urge them to apply the latest security patch.

FileWave MDM Vulnerabilities Exposed Organizations to Data Breaches and Ransomware Attacks

Per Claroty’s report, the two vulnerabilities discovered in FileWave’s MDM might have impacted 1,100 organizations, including governmental institutions, corporations, and educational facilities, leaving them exposed to ransomware attacks and data leaks. The issues in question – CVE-2022-34907 and CVE-2022-34906 – have been addressed at the beginning of July. FileWave’s fix for both vulnerabilities is now available in version 14.7.2 of the MDM product. As part of their foray into the FileWave case, Claroty provided a functional proof-of-concept that showcased how threat actors could easily leverage the two flaws.

What Are CVE-2022-34907 and CVE-2022-34906?

CVE-2022-34907 is an authentication bypass issue that could have been leveraged in order to trigger an anomalous output, thus allowing the threat actor to circumvent security. Not only but, according to Claroty, triggering this response also granted the attacker super_user privileges (i.e., the highest type of privilege a user can obtain in FileWave’s product), allowing him to move unhinged through the entire system. The flaw is also handy for reconnaissance – the attacker could easily gather vital intel on all of the machines hooked up to the FileWave environment and deploy specific tools in order to reach his objectives.

The second flaw identified by the cybersecurity researchers (i.e., CVE-2022-34906) is an information disclosure vulnerability that was tracked to a hardcoded cryptographic key. If the flaw was to be exploited successfully, it would have granted a threat actor the ability to decrypt sensitive information stored in FileWave’s database. Furthermore, the above-mentioned vulnerability could also have been leveraged in order to send crafted packets to all of the machines enrolled in the MDM.

Research indicates that both identified vulnerabilities affected web servers running FileWave versions from 14.6.3 to 14.7.2. The latest version of the MDM fixes both issues. As a result of the team’s findings, the company FileWave has reached out to all customers, urging them to deploy the patch as soon as possible. So far, none of the organizations utilizing FileWave MDM have reported breaches or malware.

How can Heimdal™ Help

One of the most common attacks surface threat actors is code vulnerability. This can be easily addressed via patching, automatic patching to be more precise. Heimdal™ offers an automatic patching solution in the form of Patch & Asset Management that will help you identify and seal off any vulnerable spots. Our solution boasts full patching and updating support for Microsoft Windows, Linux, and macOS. Automatize your workflows regardless of your environment or type of patch (i.e., OS essential, security, 3rd party or optional).

If you liked this article, follow us on LinkedInTwitterFacebookYoutube, and Instagram for more cybersecurity news and topics.

Massive Kaseya VSA Supply Chain Attack Infects Businesses with Revil Ransomware

A Critical Serv-U Vulnerability Exploited in the Wild, Fixed by SolarWinds

A Cisco ASA Vulnerability Is Actively Exploited

Leave a Reply

Your email address will not be published. Required fields are marked *