New SureMDM Vulnerabilities May Put Companies at Risk of Supply Chain Attacks


Short News:

Multiple security holes were discovered in 42Gears' SureMDM device management solution. Attackers could exploit these flaws to compromise the supply chain of target organizations. The issues in the company's web dashboard are also critical, as they could allow an attacker to gain code execution.



Detailed News:

Attackers could exploit multiple security flaws in 42Gears' SureMDM device management solution to compromise the supply chain of target organizations.


Multiple flaws were discovered in 42Gears' Linux agent and web console between November 2021 and early January 2022, according to a technical write-up from cybersecurity firm Immersive Labs.


SureMDM is a cross-platform mobile device management service from India-based 42Gears that lets an enterprise monitor, manage, and secure its mobile devices remotely. 42Gears claims that SureMDM has been used by more than 10,000 companies worldwide.




The issues in the web dashboard are also critical and should be addressed immediately, as they could allow an attacker to gain code execution on individual devices, desktops, or servers. They could also allow JavaScript code to be injected, making it possible to register rogue devices and even spoof existing devices without authentication.


Security researcher Kev Breen at Immersive Labs says an attacker could take advantage of the web console's flaws to disable security tools and infect any Linux, macOS or Android device running SureMDM with malware or other malicious code. No customer information or even an account on SureMDM is required for this to work.


This could enable a supply chain attack, in which an exploit is used to take over every managed device in an organization once a user logs in to SureMDM.


An adversary could gain root-level access to a host by exploiting security holes in SureMDM's Linux Agent, in versions up to and including 3.0.5. Additionally, Breen noted that this flaw could also be exploited locally on vulnerable hosts to elevate privileges from a standard user to root.

