Existing SureMDM vulnerabilities could expose companies to supply chain attacks

New SureMDM Vulnerabilities Could Expose Companies to Supply Chain Attacks News

A number of security vulnerabilities have been disclosed in 42 Gears’ SureMDM device management solution that could be weaponized by attackers to perform a supply chain compromise against affected organizations.

Cybersecurity firm Immersive Labs, in a technical write-up detailing the findings, said that 42Gears released a series of updates between November 2021 and January 2022, affecting both the platform’s Linux agent and the web console.

The India-based company’s SureMDM is a cross-platform mobile device management service that allows enterprises to remotely monitor, manage, and secure their fleet of company-owned machines and employee-owned devices. 42Gears claims that SureMDM is used by over 10,000 companies worldwide.

The issues found in the dashboard could also be of critical nature and allow an attacker to execute code on individual desktops or servers. Furthermore, they could permit the injection of malicious JavaScript code as well as make it possible to register rogue devices and even spoof existing devices without any authentication.

“By chaining the vulnerabilities affecting the web console together, an attacker could disable security tools and install malware or other malicious code onto every Linux, MacOS or Android device with SureMDM installed,” Kev Breen, Immersive Lab’s director of threat research, said. “An attacker does not need to know customer details to achieve this or even have an account on SureMDM. “

This could then play out in the form of a supply chain attack wherein the exploit could be executed when a user logs in to the SureMDM console, resulting in the compromise of every managed device in the organization.

The second set of security weaknesses impact SureMDM’s Linux Agent up to and including 3.0. 5 that could enable an adversary to achieve remote code execution on the hosts as the root user. Breen said that this vulnerability can also be used to gain local access on the hosts affected to increase privileges from root user to standard.

Rate author