Severe Vulnerabilities Found in MobileIron Device Management Products

Summary

DEVCORE researchers discovered three vulnerabilities in MobileIron that, if exploited, could allow threat actors to perform remote code execution (CVE-2020-15505), read arbitrary files (CVE-2020-15507), and remotely bypass authentication ( CVE_2020-1506 ). MobileIron provides organizations with Unified Endpoint Management (UEM), also known as Mobile Device Management (MDM), and is used to manage, secure, access, and protect corporate data for bring your own device (BYOD) or corporate-owned, personally enabled (COPE) device programs. Patches were developed and released on June 15, 2020, though researchers assess that thousands of servers remain vulnerable. A proof-of-concept (POC) exploit has been developed and released for CVE-2020-15505, though exploitation has not yet been observed in the wild. Versions 10.6 and earlier of the following MobileIron products are affected: MobileIron’s Core and Enterprise Connector, Sentry, Monitor and Reporting Database (RDB), and Cloud.

Recommendations

The NJCCIC recommends organizations that utilize affected MobileIron products to apply patches or update to a later version immediately. More information can be found in the Security Week article.