Security News > 2022 > February > New SureMDM Vulnerabilities Could Expose Companies to Supply Chain Attacks
A number of security vulnerabilities have been disclosed in 42 Gears' SureMDM device management solution that could be weaponized by attackers to perform a supply chain compromise against affected organizations.
The India-based company's SureMDM is a cross-platform mobile device management service that allows enterprises to remotely monitor, manage, and secure their fleet of company-owned machines and employee-owned devices.
42Gears claims that SureMDM is used by over 10,000 companies worldwide.
The issues identified in the web dashboard are also of critical in nature, potentially allowing an attacker to gain code execution over individual devices, desktops, or servers.
"By chaining the vulnerabilities affecting the web console together, an attacker could disable security tools and install malware or other malicious code onto every Linux, MacOS or Android device with SureMDM installed," Kev Breen, Immersive Lab's director of threat research, said.
This could then play out in the form of a supply chain attack wherein the exploit could be executed when a user logs in to the SureMDM console, resulting in the compromise of every managed device in the organization.
News URL
https://thehackernews.com/2022/01/new-suremdm-vulnerabilities-could.html
Related news
- Bybit Hack Traced to Safe{Wallet} Supply Chain Attack Exploited by North Korean Hackers (source)
- China-Linked Silk Typhoon Expands Cyber Attacks to IT Supply Chains for Initial Access (source)
- Over 400 IPs Exploiting Multiple SSRF Vulnerabilities in Coordinated Cyber Attack (source)
- GitHub Uncovers New ruby-saml Vulnerabilities Allowing Account Takeover Attacks (source)
- GitHub supply chain attack spills secrets from 23,000 projects (source)
- Supply chain attack on popular GitHub Action exposes CI/CD secrets (source)
- Google acquisition target Wiz links fresh supply chain attack to 23K pwned GitHub repos (source)
- GitHub Action hack likely led to another in cascading supply chain attack (source)
- GitHub Action supply chain attack exposed secrets in 218 repos (source)
- Ongoing Cyber Attacks Exploit Critical Vulnerabilities in Cisco Smart Licensing Utility (source)