MobileIron’s MDM Vulnerabilities


Saturday, September 19th, 2020

MobileIron’s mobile device management (MDM) allows a company to secure, manage, and monitor any corporate or employee-owned mobile device or desktop that accesses critical business data. According to MobileIron itself, more than 20,000 businesses use its products, and research has shown that over 15% of Global Fortune 500 organizations expose their MobileIron servers to the Internet, including Facebook. Because of this widespread use, security consulting firm DEVCORE decided to analyze MobileIron’s products, and through this analysis they discovered several potentially serious vulnerabilities, including a vulnerability that can be exploited by an unauthenticated attacker for remote code execution on affected servers. DEVCORE reported these vulnerabilities to MobileIron in early April; patches were released June 15th, and MobileIron published an advisory on July 1st.

The list of vulnerabilities includes:

  • CVE-2020-15505
    • A deserialization-related issue that can lead to a remote, unauthenticated attacker achieving arbitrary code execution on a vulnerable MobileIron server.
  • CVE-2020-15506
    • Allows for the bypassing of authentication mechanisms remotely.
  • CVE-2020-15507
    • Allows an attacker to read arbitrary files from a targeted system.

It’s imperative that all network and system administrators apply the patch to any vulnerable MobileIron products as researchers claim that there exist roughly 10,000 potentially exposed servers on the internet with 30% of them being unpatched. Affected products include: MobileIron Core (version 10.6 and earlier), MobileIron Sentry, MobileIron Cloud, Enterprise Connector, and Reporting Database.


Sources:
