MobileIron: RCE flaw under attack


According to a new advisory, MobileIron’s mobile device management security solutions are currently under attack by advanced persistent threat (APT) groups trying to exploit an RCE vulnerability.

The vulnerability (CVE-2020-15505) has been identified as a remote code-execution flaw and has been given a 9.8 out of 10 on the CVSS severity scale, making it critical.

This flaw was patched last June, but a brand new PoC was published back in September, allowing criminal hackers and state-sponsored actors alike to exploit it.

According to the NCSC: “These actors typically scan victim networks to identify vulnerabilities, including CVE-2020-15505, to be used during targeting. In some cases, when the latest updates are not installed, they have successfully compromised systems.”

The UK Government, through its official cyber security agency, said that the healthcare, local government, logistics and legal sectors have all been targeted, but others could also be affected.

The news was not ignored on the other side of the Atlantic either: in October, the Cybersecurity and Infrastructure Security Agency (CISA) warned that APT groups are exploiting the MobileIron flaw in combination with the severe Microsoft Windows Netlogon/Zerologon vulnerability (CVE-2020-1472).

Why is this MobileIron flaw dangerous?

First reported to MobileIron by DEVCORE, this vulnerability is a straightforward RCE that could allow an attacker to execute code remotely without authentication.

The vulnerability exists across various components of the MobileIron platform, such as MobileIron Core, which serves as the administrative console, and MobileIron Connector, which adds real-time connectivity to the backend.

Also reported as impacted are Sentry, an in-line gateway that manages, encrypts and secures traffic between the mobile device and back-end enterprise systems, and Monitor and Reporting Database, which provides comprehensive performance management functionality.

The bug affects Core and Connector versions:

  • and earlier;
  • and;

Also affected, Sentry versions 9.7.2 and earlier, and 9.8.0; and Monitor and Reporting Database (RDB) version and earlier that allows remote attackers to execute arbitrary code via unspecified vectors.


MobileIron, for its part, said in an update this week that it has been engaging in “proactive outreach to help customers secure their systems,” and estimates that 90 to 95 percent of all devices are now managed on patched/updated versions of software.

While the company said it will continue to follow up with the remaining customers where it can determine that they have not yet patched affected products, it strongly urges companies to make sure they are updated.

“MobileIron strongly recommends that customers apply these patches and any security updates as soon as possible,” said the company in its security update.
