Security researchers have discovered two major flaws in FileWave’s endpoint management software that could have given threat actors a way to bypass authentication and completely take over the affected devices.
The flaws affected more than 1,100 Internet-accessible FileWave administrative instances used by large government agencies, schools, small businesses, and many other organizations. In addition to completely taking over the instances, threat actors could have used the backdoor to launch ransomware attacks or steal sensitive data.
Found by security firm Claroty, the vulnerabilities are tracked as CVE-2022-34907 and CVE-2022-34906.
CVE-2022-34907 is described as an authentication bypass, similar to the flaw recently found in F5 BIG-IP WAF. The researchers explained that the scheduler service running on the MDM (Mobile Device Management) server authenticates to the web server using a hard-coded shared secret. But this secret doesn’t change between different MDM installations or versions.
“This means that if we know the shared secret and specify it in the request, we don’t have to provide a valid user token or know the user’s username and password,” researcher Noam Moshe told the publication, also stating that a threat actor could use this error to access the target system with elevated privileges.
These privileges would give them power over other internet-connected devices: “It allows us to monitor all the servers’ managed devices, exfiltrate all sensitive data held by the devices, including usernames, email addresses, IP addresses, geolocation, etc., and install malicious software on managed devices,” Moshe added.
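The weakness described above, a service secret that is identical on every installation, next to a per-installation alternative, as an added example (not FileWave's or Claroty's code). The header name, secret value, file name and function names are all hypothetical.

```python
import hmac
import os
import secrets
import tempfile

# Weak pattern: one constant ships in every installation (constructed value).
HARDCODED_SECRET = "example-shared-secret"

def authorize_weak(headers, user_tokens):
    """Anyone who knows the shipped constant is treated as the internal service."""
    if headers.get("X-Service-Secret") == HARDCODED_SECRET:
        return "service"
    return "user" if headers.get("Authorization") in user_tokens else None

def load_or_create_secret(path):
    """Generate a random secret on first start, readable by the service account only."""
    try:
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    except FileExistsError:
        with open(path, "rb") as fh:
            return fh.read().strip()
    secret = secrets.token_hex(32).encode()
    with os.fdopen(fd, "wb") as fh:
        fh.write(secret)
    return secret

def authorize(headers, install_secret, user_tokens):
    """Accept only this installation's secret, compared in constant time."""
    presented = headers.get("X-Service-Secret", "").encode()
    if presented and hmac.compare_digest(presented, install_secret):
        return "service"
    return "user" if headers.get("Authorization") in user_tokens else None

def demo():
    """Two constructed installations: compare what each check accepts."""
    with tempfile.TemporaryDirectory() as a, tempfile.TemporaryDirectory() as b:
        path_a = os.path.join(a, "service.secret")
        secret_a = load_or_create_secret(path_a)
        secret_b = load_or_create_secret(os.path.join(b, "service.secret"))
        from_a = {"X-Service-Secret": secret_a.decode()}
        shipped = {"X-Service-Secret": HARDCODED_SECRET}
        return {
            "weak_accepts_shipped": authorize_weak(shipped, set()),
            "a_accepts_a": authorize(from_a, secret_a, set()),
            "b_accepts_a": authorize(from_a, secret_b, set()),
            "b_accepts_shipped": authorize(shipped, secret_b, set()),
            "stable_on_restart": load_or_create_secret(path_a) == secret_a,
        }

if __name__ == "__main__": print(demo())
```

With a per-installation secret, a value recovered from one server or from the shipped software grants nothing on another server.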
CVE-2022-34906, in contrast, concerns a hard-coded cryptographic key. The flaw can be used to decrypt sensitive data in FileWave and send processed requests to the devices associated with the MDM platform.
The bugs have since been fixed, so if you run FileWave, make sure you’re running versions 14.6.3 and 14.7.2, or 14.8 and newer.
Via: The Register