Security bug left over 1,000 organizations open to ransomware, device hijacking

By Scott Marlette Last updated Jul 28, 2022

Security researchers have discovered two major flaws in FileWave’s endpoint (opens in new tab) management software which could have given threat actors a way to circumvent authentication measures and completely take over the affected devices.

The flaws affected more than 1,100 internet-accessible FileWave management instances, used by large government entities, schools, small businesses, and many other firms. Besides fully taking over the instances, threat actors could have used the backdoor to launch ransomware (opens in new tab) attacks, or steal sensitive data.

Found by security firm Claroty, the vulnerabilities are being tracked as CVE-2022-34907 and CVE-2022-34906.

Patched flaws

CVE-2022-34907 is described as an authentication bypass, not unlike the flaw recently found in F5 BIG-IP WAF. The researchers explained that the scheduler service running on the mobile device management (MDM) server authenticates to the web server using a hardcoded shared secret. But this secret doesn’t change between different MDM installations, or versions.

“This means that if we know the shared secret and supply it in the request, we do not need to supply a valid user’s token or know the user’s username and password,” researcher Noam Moshe told the publication, also stating that a threat actor could use this flaw to access the target system with elevated privileges.

These privileges would give them power over other internet-connected devices: “This enables us to control all of the servers’ managed devices, exfiltrate all sensitive data being held by the devices, including usernames, email addresses, IP addresses, geo-location etc, and install malicious software on managed devices,” Moshe added.

CVE-2022-34906, on the other hand, is a flaw discovered in the hardcoded cryptographic key. The flaw could be used to decrypt sensitive data found in FileWave, as well as send crafted requests to the devices associated with the MDM platform.

The flaws have since been patched, so if you’re affected, make sure you’re running versions 14.6.3 and 14.7.2, or 14.8 and newer.

Keep your internet activities to yourself with the best firewalls (opens in new tab) around

Via: The Register (opens in new tab)

For all the latest Technology News Click Here

For the latest news and updates, follow us on Google News.

Read original article here

Denial of responsibility! TechNewsBoy.com is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.