CVE-2022-34906
published 2022-07-25CVE-2022-34906: A hard-coded cryptographic key is used in FileWave before 14.6.3 and 14.7.x before 14.7.2. Exploitation could allow an unauthenticated actor to decrypt…
PriorityP350high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
EPSS
10.53%
95.2th percentile
A hard-coded cryptographic key is used in FileWave before 14.6.3 and 14.7.x before 14.7.2. Exploitation could allow an unauthenticated actor to decrypt sensitive information saved in FileWave, and even send crafted requests.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| filewave | filewave | < 14.6.3 | 14.6.3 |
| filewave | filewave | >= 14.7.0 < 14.7.2 | 14.7.2 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
https://claroty.com/2022/07/25/blog-research-with-management-comes-risk-finding-flaws-in-filewave-mdm/https://kb.filewave.com/pages/viewpage.action?pageId=55544244https://claroty.com/2022/07/25/blog-research-with-management-comes-risk-finding-flaws-in-filewave-mdm/https://kb.filewave.com/pages/viewpage.action?pageId=55544244
2022-07-25
Published