Multiple vulnerabilities have been discovered in the SureMDM device management solution sold by 42 Gears, prompting the company to release a series of updates to address the issues.
Immersive Labs published a detailed breakdown of the vulnerabilities — one of which is critical — that affect SureMDM’s Linux agent and the web console. Kevin Breen, director of cyber threat research at Immersive Labs, told ZDNet that the company says it has more than five million successful deployments worldwide and 18,000 customers.
It is unclear how many use the products affected by the issues they discovered, but Breen said anyone using the Linux version listed in the post was vulnerable to those vulnerabilities. Anyone who used the web console was also vulnerable until December.
“The more concerning set of vulnerabilities were the ones affecting the web console. These vulnerabilities could have allowed an attacker to gain code execution over individual devices, desktops or servers using the SureMDM web dashboard. By chaining the vulnerabilities affecting the web console together, an attacker could disable security tools and install malware or other malicious code onto every Linux, MacOS or Android device with SureMDM installed. An attacker does not need to