image credit: adobe stock
Claroty researchers discovered recently that the FileWave MDM product is affected by two critical security holes: an authentication bypass issue (CVE-2022-34907) and a hardcoded cryptographic key (CVE-2022-34906). The vendor quickly patched the flaws.
The authentication bypass vulnerability could allow a remote attacker to achieve “super_user” access and take full control of an internet-connected MDM instance. From there, the attacker could hack all devices managed using the FileWave product, including to steal sensitive information and deliver malware.
Comments are closed.
