New SureMDM vulnerabilities could expose companies to supply chain attacks
A number of security vulnerabilities have been disclosed in 42Gears' SureMDM device management solution that attackers could use to mount supply chain attacks against affected organizations.
The cybersecurity company Immersive Labs, in a technical write-up detailing the findings, said 42Gears released a series of updates between November 2021 and January 2022 to address multiple flaws affecting both the platform's Linux agent and its web console.
SureMDM, from the India-based company 42Gears, is a cross-platform mobile device management service that enables enterprises to remotely monitor, manage and secure their fleet of company-owned machines and employee-owned devices. 42Gears claims that SureMDM is used by more than 10,000 companies worldwide.
“By chaining vulnerabilities affecting the web console, an attacker could disable security tools and install malware or other malicious code on every Linux, macOS or Android device that has SureMDM installed,” said Kev Breen, Director of Threat Research at Immersive Labs. “An attacker does not need to know customer details to achieve this or even have an account on SureMDM.”
This could then take the form of a supply chain attack in which the exploit is triggered when a user logs into the SureMDM console, leading to the compromise of every managed device in the organization.
The second set of security weaknesses affects SureMDM’s Linux agent up to and including version 3.0.5, which could allow an adversary to remotely execute code on hosts as the root user. “This vulnerability could also be exploited with local access to affected hosts to elevate privileges from the standard user to the root user,” Breen added.