SureMDM security vulnerabilities can lead to Supply Chain Attacks

Multiple security vulnerabilities have been disclosed in 42 Gears SureMDM solution. It is a mobile device management solution that can be manipulated by threat actors to execute supply chain attacks.

Identifying the SureMDM security vulnerabilities

A Cybersecurity firm called Immersive Labs was the one that first identified the vulnerabilities and has mentioned the details their paper. 42 Gears has released a series of updates from Nov 2021 to Jan 2022 addressing these multiple flaws affecting their Linux agent and web console.

42 Gears is a India-based mobile device management firm that has the SureMDM product which supports cross-platform management allowing admins to remotely monitor, manage, control and secure their company-owned, BYOD, and COPE devices.

As per the information shared by 42 Gears, SureMDM is actively used by around 10,000 organizations around the world.

Analyzing the SureMDM security vulnerabilities

The SureMDM security vulnerabilities look critical in nature as it allows attackers to perform remote code execution on mobile devices, laptops, desktops and servers. Additionally, these vulnerabilities can also allow attackers to inject malicious JavaScript code and register rogue devices with spoofing thus making unauthorized devices a legal one.

The following is the list of security vulnerabilities identified,

• SureMDM agent spoofing
• SureMDM agent authentication bypass
• SureMDM dashboard XSS
• SureMDM agent remote code execution
• SureMDM Linux agent command injection
• SureMDM Linux agent remote code execution
• SureMDM Linux agent default root credentials
• SureMDM Linux agent local privilege escalation
• SureMDM Linux Sensitive Information Disclosure

With these multiple vulnerabilities an attacker will be able to disable security programs and deploy payloads into Linux, MacOS and Android devices with SureMDM as the catalyst for their operation said Kev Breen, Director of Threat Research at Immersive Labs. He also added that the attacker can exploit all the above mentioned flaws without having a SureMDM account.

These vulnerabilities can be later combined to perform a supply chain attack when a user logs into their SureMDM account thus infecting and compromising all the managed devices in the network.

Mitigation for SureMDM security vulnerabilities

An additional authentication check for agents can be good for validating rogue agents, and can prevent them from being registered. However, it can’t prevent the agents spoofing though. For other flaws, ensure you have the updated agents for Linux and mac devices to patch the above mentioned flaws. You can also contact 42 Gears Support if you need clarification on the updated agents and the patch notes.

As on Jan 3rd, 42 Gears responded with an update that they were continuing to apply additional mitigation mentioned above and beyond those reported by Immersive Labs.

Subscribe to our newsletter for daily alerts on cyber events, you can also follow us on Facebook, Linkedin, Instagram, Twitter and Reddit.

You can reach out to us via Twitter or Facebook, for any advertising requests.