The UK National Cyber Security Centre (NCSC) issued an alert prompting all organizations to patch the critical CVE-2020-15505 remote code execution (RCE) vulnerability in MobileIron mobile device management (MDM) systems.
MobileIron remote code execution vulnerability is a target for APT nation state groups and cyber criminals to compromise the networks of UK organisations.
This critical vulnerability affects MobileIron Core and Connector products and could allow a remote attacker to execute arbitrary code on a system. The MobileIron website lists the following versions as affected:
- 10.3.0.3 and earlier
- 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0
- Sentry versions 9.7.2 and earlier
- 9.8.0
- Monitor and Reporting Database (RDB) version 2.0.0.1 and earlier
A proof of concept exploit became available in September 2020 and since then both hostile state actors and cybercriminals have attempted to exploit this vulnerability in the UK.
These actors typically scan victim networks to identify vulnerabilities, including CVE-2020-15505, to be used during targeting (T1505.002). In some cases, when the latest updates are not installed, they have successfully compromised systems. The healthcare, local government, logistics and legal sectors have all been targeted but others could also be affected.
