Menu Close

Critical MobileIron RCE Flaw – Active Attack!

Share This Post

Share on facebook
Share on linkedin
Share on twitter
Share on email

Advanced Persistent Threat (APT) groups are actively exploiting a vulnerability in mobile device management security solutions from MobileIron, a new advisory warns.

Attackers are now targeting the critical remote code-execution flaw to compromise systems in the healthcare, local govt., logistics & legal sectors, etc..

The issue is (CVE-2020-15505) –  a remote code-execution flaw. It ranks 9.8 out of 10 on the CVSS severity scale, making it critical.

Exploit

The flaw was patched in June, however, a proof of concept (PoC) exploit became available in Sept. Since, both hostile state players & cyber-criminals have tried to exploit the flaw in the UK, says a new advisory by the National Cyber Security Centre (NCSC).

“These actors typically scan victim networks to identify vulnerabilities, including CVE-2020-15505, to be used during targeting,” explained the NCSC in an advisory this week. “In some cases, when the latest updates are not installed, they have successfully compromised systems.”

Targeted

The NCSC explained that the healthcare, local govt., logistics & legal sectors have all been targeted, but others could also be affected too.

Also, the US Cybersecurity & Infrastructure Security Agency (CISA) in Oct. warned that APT groups are exploiting the MobileIron flaw in combination with the severe Microsoft Windows Netlogon/Zerologon vulnerability (CVE-2020-1472).

The Flaw

The flaw,1st reported to MobileIron by Orange Tsai from DEVCORE, could allow an attacker to execute remote exploits without authentication.

MobileIron provides a platform that allows enterprises to manage the end-user mobile devices across their company.

The flaw exists across various components of this platform: In MobileIron Core, a component of the MobileIron platform that serves as the administrative console; & in MobileIron Connector, a component that adds real-time connectivity to the backend.

Sentry

Also impacted is Sentry, an in-line gateway that manages, encrypts & secures traffic between the mobile-device & back-end enterprise systems; &  Monitor & Reporting Database, which provides ‘comprehensive performance management functionality.’

The bug affects Core & Connector versions 10.3.0.3 & earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 & 10.6.0.0; & Sentry versions 9.7.2 & earlier, & 9.8.0; & Monitor & Reporting Database (RDB) version 2.0.0.1 & earlier that allows remote attackers to execute arbitrary code via unspecified vectors.

Patches

MobileIron, suggested in an update this week that it has been engaging in “proactive outreach to help customers secure their systems,” & estimates that 90 to 95% of all devices are now managed on patched/updated versions of software.

Although the company observed it will continue to follow up with the remaining customers where we can determine that they have not yet patched affected products, it strongly urges companies to make sure they are updated.

“MobileIron strongly recommends that customers apply these & security updates as soon as possible,” concluded the company in its security update.

Virtual Conference January 2021

More To Explore

Community Area

Books

Home Workouts

Recipe

spaghetti Bolognese
Days
Hours
Minutes
Seconds