- The security vulnerability, tracked as CVE-2022-34907, is due to an Authentication Bypass bug affecting FileWave MDM versions before 14.6.3 and 14.7.x, allowing threat actors to circumvent authentication mechanisms in the vulnerable system.
- A second vulnerability, tracked as CVE-2022-34906, is due to the presence of the hard-coded encryption key found in FileWave MDM versions before 14.6.3 and 14.7.x.
By exploiting the vulnerabilities, threat actors can capture critical data in the affected installations and execute arbitrary code on the system. Additionally, threat actors can use CVE-2022-34907 not only to hijack all managed devices but also to leak sensitive data such as device serial numbers, user email addresses, geolocation coordinates, IP addresses, and device PINs, and more.[/vc_column_text][vc_empty_space height=”15px”][pix_img align=”text-center” style=”” hover_effect=”” add_hover_effect=”” image=”13416″][vc_column_text]Vulnerable MDM installations are known to compromise the security of more than 1000 organizations. FileWave has fixed security vulnerabilities with a recent update (14.8). In this context, it is recommended that institutions/organizations or organizations using vulnerable MDM solutions immediately apply the security updates published in order not to be the target of attacks that can be carried out using vulnerabilities.[/vc_column_text][vc_empty_space height=”30px”][/vc_column][/vc_row]