CVE-2022-34906

7.5 HIGH

📋 TL;DR

FileWave versions before 14.6.3 and 14.7.x before 14.7.2 use a hard-coded cryptographic key, allowing unauthenticated attackers to decrypt sensitive information stored in the system and potentially send crafted requests. This affects organizations using vulnerable FileWave Mobile Device Management (MDM) deployments.

💻 Affected Systems

Products:
  • FileWave Mobile Device Management
Versions: All versions before 14.6.3 and 14.7.x before 14.7.2
Operating Systems: All platforms where FileWave is installed
Default Config Vulnerable: ⚠️ Yes
Notes: All deployments using affected versions are vulnerable regardless of configuration.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of encrypted sensitive data (credentials, configurations, device information) and ability to send malicious commands to managed devices.

🟠

Likely Case

Exfiltration of sensitive configuration data and potential unauthorized access to MDM-controlled systems.

🟢

If Mitigated

Limited impact if proper network segmentation and access controls prevent external access to FileWave servers.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires knowledge of the hard-coded key but no authentication to the system.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 14.6.3 or 14.7.2

Vendor Advisory: https://kb.filewave.com/pages/viewpage.action?pageId=55544244

Restart Required: Yes

Instructions:

1. Back up FileWave configuration and data.
2. Download and install FileWave version 14.6.3 or 14.7.2 from the vendor portal.
3. Restart FileWave services.
4. Verify successful update.

🔧 Temporary Workarounds

Network Isolation

all

Restrict network access to FileWave servers to trusted internal networks only.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate FileWave servers from untrusted networks
  • Monitor for unusual decryption attempts or unauthorized access to FileWave services

🔍 How to Verify

Check if Vulnerable:

Check the FileWave version in the admin console or via the command line:

  • On Linux: /usr/local/filewave/fwcld -v
  • On Windows: check the installed programs list

Check Version:

  • On Linux: /usr/local/filewave/fwcld -v
  • On Windows: check Control Panel > Programs and Features

Verify Fix Applied:

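Confirm the version is 14.6.3 or higher, or 14.7.2 or higher, using the same version check commands. A 14.7.x release below 14.7.2 is numerically higher than 14.6.3 but is still affected, so compare against the fixed release for the branch that is installed.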
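The affected range stated on this page, written out as a check. This is an added example, not code from FileWave or the advisory. It assumes the version string contains a dotted number such as 14.7.1; the output format of fwcld -v is not shown on this page, and the sample strings are constructed.

```python
import re
import sys

# Fixed releases named on this page.
FIXED_14_6 = (14, 6, 3)
FIXED_14_7 = (14, 7, 2)

# Constructed sample inputs; real fwcld -v output may be formatted differently.
SAMPLES = ["fwcld 14.6.2", "14.6.10", "FileWave 14.7.1", "14.7.2", "13.3.1"]


def parse_version(text):
    """Return the first dotted version found in text as a 3-tuple of ints."""
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError("no version number found in %r" % text)
    # A missing patch component ("14.6") is treated as 0.
    return tuple(int(part or 0) for part in m.groups())


def is_affected(text):
    """True if the version falls in the range this page lists as vulnerable.

    Affected: anything before 14.6.3, plus 14.7.x before 14.7.2.
    Components are compared as integers, so 14.6.10 sorts after 14.6.3.
    """
    version = parse_version(text)
    if version[:2] == (14, 7):
        # The 14.7 branch has its own fixed release.
        return version < FIXED_14_7
    return version < FIXED_14_6


if __name__ == "__main__":
    # Pass version strings as arguments, or run with none to see the samples.
    failed = False
    for item in sys.argv[1:] or SAMPLES:
        affected = is_affected(item)
        failed = failed or affected
        print("%-20s %s" % (item, "AFFECTED" if affected else "fixed"))
    # Non-zero exit lets a fleet audit script flag hosts that still need the patch.
    sys.exit(1 if failed else 0)
```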

📡 Detection & Monitoring

Log Indicators:

  • Unusual decryption attempts
  • Unauthorized access to FileWave API endpoints
  • Failed authentication from unexpected sources

Network Indicators:

  • Unusual traffic patterns to FileWave servers from external IPs
  • Suspicious API calls to FileWave services

SIEM Query:

source="filewave" AND (event_type="decryption" OR event_type="api_access") AND src_ip NOT IN (trusted_networks)
