[German]The National Cyber Security Centre (NCSC) in the UK has issued a warning that a vulnerability in MobileIron mobile device management (MDM) software is under attack by state-sponsored hackers and organized crime.
Advertising
In this message dated November 23, 2020, the National Cyber Security Centre (NCSC) in the UK points out that several players are trying to exploit vulnerability CVE 2020-15505 in MobileIron Mobile Device Management (MDM). MDM systems allow system administrators to manage an organization's mobile devices from a central server, making them a lucrative target for threat actors.
In June 2020, MobileIron, a provider of mobile device management (MDM) systems, released security updates to address several vulnerabilities in its products. These included CVE-2020-15505, a 'vulnerability' that allows remote code execution, which was identified as critical.
This critical vulnerability affects MobileIron core and connector products and could allow a remote attacker to execute arbitrary code on a system. The MobileIron website lists the following versions as affected:
- 10.3.0.3 and earlier
- 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 und 10.6.0.0
- Sentry versions 9.7.2 and earlier
- 9.8.0
- Monitor and Reporting Database (RDB) version 2.0.0.1 and earlier
A "proof of concept exploit" became available in September 2020, and since then both hostile state actors and cybercriminals have tried to exploit this vulnerability in the UK. These actors typically scan victims' networks to identify vulnerabilities (including CVE-2020-15505) to be used in target selection.
In some cases where the latest updates are not installed, they have successfully compromised systems. Healthcare, local government, logistics and the legal sector have all been targeted, but other areas may also be affected.
Advertising
MobileIron provided security updates for all affected versions on June 15, 2020. Organisations can find all relevant links to the updates on the MobileIron website at this web address.
