- The vulnerabilities are remotely exploitable and can allow an attacker to bypass authentication mechanisms to gain full control.
- The vulnerabilities affect all software versions prior to version 14.6.3, as well as 14.7.x versions prior to version 14.7.2.
- The patches are included in versions 14.6.3, 14.7.2, as well as in the latest software release 14.8, and all future subsequent versions.
FileWave fixed two vulnerabilities in the endpoint management software. The vulnerabilities can allow an attacker to bypass authentication and take full control. Vulnerabilities were discovered by Claroty Research, a cybersecurity research company. The vulnerabilities expose organizations to risks, such as ransomware, data theft, and remote device control.
Fix is available
One of the two vulnerabilities, tracked as CVE-2022-34907, is an authentication bypass, similar to the vulnerability found in F5 BIG-IP WAF. It is caused by an important FileWave MDM component in the MDM web server, written in Python using the Django framework. It exposes TCP ports 20443 and 20445. The other vulnerability, tracked as CVE-2022-34906, is discovered in the hardcoded cryptographic key, which can be used to decrypt sensitive data in FileWave and send crafted requests to devices associated with the MDM platform.
The company stated that the vulnerabilities are affecting all software versions prior to version 14.6.3, as well as 14.7.x versions prior to version 14.7.2. The security update was released to address the vulnerabilities. The company urges users to upgrade their software to version 14.6.3, 14.7.2, as well as in the latest software release 14.8, and all future subsequent versions. The company notified users about the vulnerabilities and provided a software upgrade to address the vulnerabilities. FileWave said,
« The security of the software and the protection of users’ systems and infrastructure is a top priority at FileWave. Therefore, the security vulnerabilities were carefully reviewed and confirmed in close cooperation with Claroty Research. Immediately after the vulnerabilities became known, measures were taken to develop patched versions of the software, following a robust protocol to not only provide FileWave software users with a solution, but also to protect and help them understand the risks and install software upgrades on their servers in a timely manner. The implementation of the patched software versions should have eliminated the risk of the vulnerabilities to be exploited by third-party attacks. Since the identification of the vulnerabilities, no actual exploitation has become known to FileWave to date. »