Security bug left over 1,000 organizations open to ransomware, device hijacking
Security researchers have discovered two major flaws in FileWave’s endpoint (opens in new tab) management software which could have given threat actors a way to circumvent authentication measures and completely take over the affected devices.
The flaws affected more than 1,100 internet-accessible FileWave management instances, used by large government entities, schools, small businesses, and many other firms. Besides fully taking over the instances, threat actors could have used the backdoor to launch ransomware (opens in new tab) attacks, or steal sensitive data.
Found by security firm Claroty, the vulnerabilities are being tracked as CVE-2022-34907 and CVE-2022-34906.
Patched flaws
CVE-2022-34907 is described as an authentication bypass, not unlike the flaw recently found in F5 BIG-IP WAF. The researchers explained that the scheduler service running on the mobile device management (MDM) server authenticates to the web server using a hardcoded shared secret. But this secret doesn’t change between different MDM installations, or versions.
“This means that if we know the shared secret and supply it in the request, we do not need to supply a valid user’s token or know the user’s username and password,” researcher Noam Moshe told the publication, also stating that a threat actor could use this flaw to access the target system with elevated privileges.
These privileges would give them power over other internet-connected devices: “This enables us to control all of the servers’ managed devices, exfiltrate all sensitive data being held by the devices, including usernames, email addresses, IP addresses, geo-location etc, and install malicious software on managed devices,” Moshe added.
CVE-2022-34906, on the other hand, is a flaw discovered in the hardcoded cryptographic key. The flaw could be used to decrypt sensitive data found in FileWave, as well as send crafted requests to the devices associated with the MDM platform.
The flaws have since been patched, so if you’re affected, make sure you’re running versions 14.6.3 and 14.7.2, or 14.8 and newer.
- Keep your internet activities to yourself with the best firewalls (opens in new tab) around
Via: The Register (opens in new tab)
Audio player loading… Security researchers have discovered two major flaws in FileWave’s endpoint (opens in new tab) management software which could have given threat actors a way to circumvent authentication measures and completely take over the affected devices. The flaws affected more than 1,100 internet-accessible FileWave management instances, used by…
Recent Posts
- Microsoft ‘AI Era’ event liveblog
- Microsoft’s Surface and Windows AI event live blog: it’s Arm time
- Prime Video movie of the day: You Were Never Really Here is incredibly stylish and deeply disturbing
- A rundown of what’s new and improved in Android 15 — so far
- Samsung Galaxy Watch 7 leak points to major charging boost, but the Galaxy Watch FE could miss out
Archives
- May 2024
- April 2024
- March 2024
- February 2024
- January 2024
- December 2023
- November 2023
- October 2023
- September 2023
- August 2023
- July 2023
- June 2023
- May 2023
- April 2023
- March 2023
- February 2023
- January 2023
- December 2022
- November 2022
- October 2022
- September 2022
- August 2022
- July 2022
- June 2022
- May 2022
- April 2022
- March 2022
- February 2022
- January 2022
- December 2021
- November 2021
- October 2021
- September 2021
- August 2021
- July 2021
- June 2021
- May 2021
- April 2021
- March 2021
- February 2021
- January 2021
- December 2020
- November 2020
- October 2020
- September 2020
- August 2020
- July 2020
- June 2020
- May 2020
- April 2020
- March 2020
- February 2020
- January 2020
- December 2019
- November 2019
- December 2011