• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
new suremdm vulnerabilities could expose companies to supply chain attacks

New SureMDM Vulnerabilities Could Expose Companies to Supply Chain Attacks

You are here: Home / General Cyber Security News / New SureMDM Vulnerabilities Could Expose Companies to Supply Chain Attacks
February 1, 2022

A variety of security vulnerabilities have been disclosed in 42 Gears’ SureMDM system administration remedy that could be weaponized by attackers to complete a provide chain compromise towards influenced organizations.

Cybersecurity organization Immersive Labs, in a technological produce-up detailing the results, stated that 42Gears introduced a collection of updates in between November 2021 and January 2022 to shut out multiple flaws influencing equally the platform’s Linux agent and the web console.

Automatic GitHub Backups

✔ Approved From Our Partners
AOMEI Backupper Lifetime

Protect and backup your data using AOMEI Backupper. AOMEI Backupper take secure and enxrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper will never be worried about loosing your data anymore.

Get AOMEI Backupper with 72% discount from an authorized seller: SerialCart® (Limited Offer).

➤ Activate Your Coupon Code


The India-primarily based firm’s SureMDM is a cross-system cell device management support that makes it possible for enterprises to remotely keep an eye on, handle, and secure their fleet of business-owned devices and personnel-owned equipment. 42Gears claims that SureMDM is applied by over 10,000 corporations throughout the world.

The issues identified in the web dashboard are also of critical in character, perhaps permitting an attacker to acquire code execution about personal gadgets, desktops, or servers. On top of that, they could permit the injection of malicious JavaScript code as properly as make it achievable to sign up rogue gadgets and even spoof present equipment without the need of any authentication.

“By chaining the vulnerabilities affecting the web console jointly, an attacker could disable security tools and set up malware or other destructive code onto every single Linux, MacOS or Android system with SureMDM installed,” Kev Breen, Immersive Lab’s director of risk study, claimed. “An attacker does not want to know shopper facts to obtain this or even have an account on SureMDM.”

Prevent Data Breaches

This could then perform out in the kind of a supply chain attack wherein the exploit could be executed when a consumer logs in to the SureMDM console, resulting in the compromise of each and every managed product in the corporation.

The second established of security weaknesses effect SureMDM’s Linux Agent up to and like 3..5 that could help an adversary to obtain distant code execution on the hosts as the root consumer. “This vulnerability could also be exploited with area entry to the influenced hosts in buy to escalate privileges from regular to root consumer,” Breen included.

Uncovered this write-up exciting? Abide by THN on Fb, Twitter  and LinkedIn to study a lot more exclusive articles we article.


Some sections of this posting are sourced from:
thehackernews.com

Previous Post: «new samba bug allows remote attackers to execute arbitrary code New Samba Bug Allows Remote Attackers to Execute Arbitrary Code as Root
Next Post: Researchers Uncover New Iranian Hacking Campaign Targeting Turkish Users Cyber Security News»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • Sioux Falls Funds DSU Cybersecurity Lab
  • ‘CryptoRom’ Crypto-Scam is Back via Side-Loaded Apps
  • Irish Watchdog Fines Meta $19m Over Data Breach
  • Avast Merger Raises Competition Concerns
  • Linux botnet spreads using Log4Shell flaw
  • Another Destructive Wiper Targets Organizations in Ukraine
  • New “B1txor20” Linux Botnet Uses DNS Tunnel and Exploits Log4J Flaw
  • New Infinite Loop Bug in OpenSSL Could Let Attackers Crash Remote Servers
  • FBI, CISA Warn of Russian Hackers Exploiting MFA and PrintNightmare Bug
  • Unpatched RCE Bug in dompdf Project Affects HTML to PDF Converters

Copyright © TheCyberSecurity.News, All Rights Reserved.