On Monday, researchers from Claroty released a report detailing two critical vulnerabilities in FileWave’s Mobile Device Management (MDM) system. These vulnerabilities consist of a hard-coded cryptographic key (CVE-2022-34906) and an authentication bypass (CVE-2022-34907), both of which have been patched in version 14.7.2 of the FileWave MDM. By leveraging these two vulnerabilities, the researchers were able to gain Super User access, access all data and credentials stored on the devices, achieve arbitrary remote code execution, and push malicious code — including ransomware — to all devices managed by the MDM.
Companies using FileWave MDM should update to 14.7.2 as soon as their change management process allows, and should prioritize this update as an emergency change. Successful exploitation of the MDM system would give an attacker total control of all devices managed by FileWave, so the risk to companies is very high.
MDM systems, due to the nature of their functionality, require some level of public-facing access in order to manage devices which are not on the corporate network. However, administrative access should not be public-facing. It is recommended that companies work with MDM vendors to configure their system to prevent public access to administrative controls.