MobileIron MDM Vulnerability Actively Exploited
NJCCIC Alert
Original Release Date: 10/22/2020
Summary
Multiple threat actors are exploiting vulnerabilities identified last month in MobileIron to target Mobile Device Management (MDM) servers after a proof of concept (POC) was publicly released. Attempted attacks include compromised enterprise servers, company network intrusion, and distributed denial-of-service (DDoS). Additionally, the National Security Agency (NSA) identified the MobileIron vulnerability (CVE-2020-15505) as one of the top 25 publicly known vulnerabilities exploited by Chinese State-Sponsored Actors. Over 20,000 companies, including multiple Fortune 500 companies, use the MobileIron MDM. Though patches for this vulnerability were released in June 2020, it is likely that many MDM servers remain vulnerable.
Recommendations
The NJCCIC urges organizations that utilize affected MobileIron products to apply patches or update to a current version immediately. Additionally, we recommend administrators perform security audits of MobileIron MDM servers, mobile devices, and internal networks after applying patches to verify integrity. Further information can be found in the ZDNet article.
The NJCCIC is a component organization within the New Jersey Office of Homeland Security and Preparedness. We are the State's one-stop-shop for cyber threat analysis, incident reporting, and information sharing and are committed to making New Jersey more resilient to cyber threats by spreading awareness and promoting the adoption of best practices.
View our Privacy Policy here.
View our Site Index here.