Critical security vulnerabilities affecting more than a thousand organizations have been identified in the MDM (Mobile Device Management) solution from FileWave, a Switzerland-based provider of device management solutions. With IoT technologies now in widespread use, adoption of FileWave's device management solutions is increasing day by day. The solutions make it easy for IT administrators to manage all of an organization's devices effectively.
- The first vulnerability, tracked as CVE-2022-34907, is an authentication bypass affecting FileWave MDM versions before 14.6.3 and 14.7.x. It allows threat actors to circumvent the authentication mechanisms of the vulnerable system.
- The second vulnerability, tracked as CVE-2022-34906, stems from a hard-coded encryption key present in FileWave MDM versions before 14.6.3 and 14.7.x.

By exploiting the vulnerabilities, threat actors can capture critical data in the affected installations and execute arbitrary code on the system. Additionally, threat actors can use CVE-2022-34907 not only to hijack all managed devices but also to leak sensitive data such as device serial numbers, user email addresses, geolocation coordinates, IP addresses, device PINs, and more.
Vulnerable MDM installations are known to compromise the security of more than 1000 organizations. FileWave has fixed the vulnerabilities in a recent update (14.8). Institutions and organizations using vulnerable MDM solutions are therefore advised to apply the published security updates immediately, so that they do not become targets of attacks exploiting these vulnerabilities.