Multiple vulnerabilities in MobileIron Core and Connector



Published: 2020-07-07 | Updated: 2020-09-16
Risk High
Patch available YES
Number of vulnerabilities 3
CVE-ID CVE-2020-15507
CVE-2020-15506
CVE-2020-15505
CWE-ID CWE-200
CWE-287
CWE-94
Exploitation vector Network
Public exploit Vulnerability #3 is being exploited in the wild.
Vulnerable software
Subscribe
Enterprise Connector
Client/Desktop applications / Other client software

Reporting Database (RDB)
Client/Desktop applications / Other client software

MobileIron Cloud
Client/Desktop applications / Other client software

Endpoint Manager Mobile (formerly MobileIron Core)
Server applications / IDS/IPS systems, Firewalls and proxy servers

MobileIron Sentry
Server applications / IDS/IPS systems, Firewalls and proxy servers

Vendor Ivanti

Security Bulletin

This security bulletin contains information about 3 vulnerabilities.

1) Information disclosure

EUVDB-ID: #VU46746

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-15507

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application. A remote attacker can read files on the system via unspecified vectors.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Enterprise Connector: 10.6

Reporting Database (RDB): All versions

Endpoint Manager Mobile (formerly MobileIron Core): 10.6

MobileIron Sentry: 9.8

MobileIron Cloud: All versions

External links

http://www.mobileiron.com/en/blog/mobileiron-security-updates-available


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper Authentication

EUVDB-ID: #VU46747

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-15506

CWE-ID: CWE-287 - Improper Authentication

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to an error in when processing authentication requests. A remote attacker can bypass authentication mechanisms via unspecified vectors and gain unauthorized access to the application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Enterprise Connector: 10.6

Reporting Database (RDB): All versions

Endpoint Manager Mobile (formerly MobileIron Core): 10.6

MobileIron Sentry: 9.8

MobileIron Cloud: All versions

External links

http://www.mobileiron.com/en/blog/mobileiron-security-updates-available


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Code Injection

EUVDB-ID: #VU46745

Risk: High

CVSSv3.1: 9.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2020-15505

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation. A remote attacker can execute arbitrary code on the target system via unspecified vectors.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Enterprise Connector: 10.6

Reporting Database (RDB): All versions

Endpoint Manager Mobile (formerly MobileIron Core): 10.6

MobileIron Sentry: 9.8

MobileIron Cloud: All versions

External links

http://www.mobileiron.com/en/blog/mobileiron-security-updates-available


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.



###SIDEBAR###