Vulnerabilities Expose Thousands of MobileIron Servers to Remote Attacks

guest · Sep 14, 2020

Vulnerabilities Expose Thousands of MobileIron Servers to Remote Attacks
September 14, 2020
https://www.securityweek.com/vulnerabilities-expose-thousands-mobileiron-servers-remote-attacks

The vulnerabilities were identified by researchers at security consulting firm DEVCORE and they were reported to MobileIron in early April. Patches were released on June 15 and the vendor released an advisory on July 1.

The security holes can be exploited for remote code execution (CVE-2020-15505), to read arbitrary files from a targeted system (CVE-2020-15507), and bypass authentication mechanisms remotely (CVE-2020-15506). Affected products include MobileIron Core (version 10.6 and earlier), MobileIron Sentry, MobileIron Cloud, Enterprise Connector, and Reporting Database.

[...] researchers’ analysis showed that over 15% of Global Fortune 500 organizations exposed their MobileIron servers to the internet, including Facebook.
Click to expand...

Orange Tsai told SecurityWeek that exploiting CVE-2020-15505, which is a deserialization-related issue, is enough for a remote, unauthenticated attacker to achieve arbitrary code execution on a vulnerable MobileIron server.
The researcher says there are currently roughly 10,000 potentially exposed servers on the internet, and while a patch has been available for months, he claims roughly 30% of servers on the internet remain unpatched.
Click to expand...

After seeing that Facebook failed to patch its MobileIron server two weeks after the release of a fix, DEVCORE reported the issue to the social media giant through its bug bounty program.
Click to expand...

How I Hacked Facebook Again! Unauthenticated RCE on MobileIron MDM

guest · Sep 18, 2020

ACSC
Active exploitation of vulnerable MobileIron products
September 18, 2020
https://www.cyber.gov.au/acsc/view-...e-exploitation-vulnerable-mobileiron-products

The ACSC is aware of active exploitation of vulnerabilities in multiple MobileIron products by malicious cyber actors, including sophisticated state-based actors.
Click to expand...

What to do
The ACSC recommends that all Australian organisations patch all MobileIron devices under their control to the latest version as soon as possible.
Protect yourself
The main vulnerability targeted is identified by Common Vulnerabilites and Exposure (CVE-2020-15505) and is addressed by a patch released by the vendor.
Further information
Full details of affected versions and patches are available from MobileIron
Click to expand...

guest · Oct 21, 2020

MobileIron enterprise MDM servers under attack from DDoS gangs, nation-states
Threat actors range from DDoS botnets to Chinese state-sponsored hacking groups
October 21, 2020
https://www.zdnet.com/article/mobil...s-under-attack-from-ddos-gangs-nation-states/

A month after details were published about three severe vulnerabilities in a type of server used to manage fleets of mobile devices, multiple threat actors are now exploiting these bugs to take over crucial enterprise servers and even orchestrate intrusions inside company networks.

The targets of these attacks are MDM servers from software maker MobileIron.
THREE MAJOR BUGS DISCOVERED IN MOBILEIRON MDMS
Earlier this summer, a security researcher named Orange Tsai discovered three major vulnerabilities in MobileIron's MDM solutions, which he reported to the vendor, and which the company patched in July.
But Tsai never released in-depth details about any of the three bugs, allowing companies to update their systems.
Click to expand...

EXPLOITATION BEGINS AFTER POC IS PUBLISHED ON GITHUB
But Tsai's blog post also had some unintended consequences.
This PoC exploit was later released on GitHub and made available to other security researchers and penetration testers, but also to attackers.

Today, the US National Security Agency (NSA) listed the MobileIron CVE-2020-15505 as one of the top 25 vulnerabilities exploited by Chinese state-sponsored hackers in recent months.
Click to expand...

COMPANIES URGED TO PATCH
But at this point in time, patching is only half of the job. Companies must also perform security audits of their MobileIron MDM servers, their mobile devices, and internal networks.
Click to expand...

guest · Nov 23, 2020

NCSC
Alert: Multiple actors are attempting to exploit MobileIron vulnerability CVE 2020-15505
MobileIron remote code execution vulnerability is a target for APT nation state groups and cyber criminals to compromise the networks of UK organisations
November 23, 2020
https://www.ncsc.gov.uk/news/alert-multiple-actors-attempt-exploit-mobileiron-vulnerability

In June 2020 MobileIron, a provider of mobile device management (MDM) systems, released security updates to address several vulnerabilities in their products. This included CVE-2020-15505, a remote code execution vulnerability, rated critical.

MDM systems allow system administrators to manage an organisation’s mobile devices from a central server, making them a valuable target for threat actors.
The NCSC is aware that Advanced Persistent Threat (APT) nation-state groups and cyber criminals are now actively attempting to exploit this vulnerability [T1190] to compromise the networks of UK organisations.
Click to expand...

Log in or Sign up

Vulnerabilities Expose Thousands of MobileIron Servers to Remote Attacks

guest Guest

guest Guest

guest Guest

guest Guest

Log in or Sign up

Vulnerabilities Expose Thousands of MobileIron Servers to Remote Attacks

guest Guest

guest Guest

guest Guest

guest Guest

Useful Searches