Claroty finds critical FileWave vulnerabilities

By Dylan Bushell-Embling
Wednesday, 03 August, 2022

IoT device security company Claroty has uncovered two critical vulnerabilities in unpatched versions of FileWave’s Mobile Device Management (MDM) system that could potentially allow attackers to gain full control of any device managed by the platform.

Claroty research arm Team82 said the two vulnerabilities are remotely exploitable and enable an attacker to bypass authentication mechanisms and gain full control over the MDM platform and its managed devices.

According to the research, an attacker able to compromise the platform would be in a position to exfiltrate sensitive data such as a device’s serial number, the user’s email address and full name, address, geolocation coordinates, IP address and device PIN codes from devices on the compromised MDM.

One vulnerability involves exploiting a critical flaw in the authentication process of older versions of the FileWave MDM product suite that allowed researchers to bypass authentication requirements on the platform and obtain super user status.

Exploiting the vulnerability allowed the researchers to take full control over any internet-connected MDM instance, with the company identifying more than 1100 such instances during a sweep for the research.

Team82 noted that there have been a number of attacks on endpoint management products in recent years, including the high-profile compromise of the Kaseya VSA by the REvil ransomware group in July 2021. The attack caused more than 1000 companies to experience significant downtime.

According to Team82, FileWave worked closely with the team to address the vulnerabilities and notify users. The company addressed the issues in the v14.7.2 update to the platform.

Image credit: ©stock.adobe.com/au/Rawpixel.com