Advanced Persistent Threat (APT) groups are actively exploiting a vulnerability in mobile device management security solutions from MobileIron, a new advisory warns.
Attackers are now targeting the critical remote code-execution flaw to compromise systems in the healthcare, local government, logistics and legal sectors, among others.
The issue, CVE-2020-15505, is a remote code-execution flaw. It ranks 9.8 out of 10 on the CVSS severity scale, making it critical.
Exploit
The flaw was patched in June; however, a proof-of-concept (PoC) exploit became available in September. Since then, both hostile state players and cyber-criminals have tried to exploit the flaw in the UK, according to a new advisory by the National Cyber Security Centre (NCSC).
“These actors typically scan victim networks to identify vulnerabilities, including CVE-2020-15505, to be used during targeting,” explained the NCSC in an advisory this week. “In some cases, when the latest updates are not installed, they have successfully compromised systems.”
Targeted
The NCSC explained that the healthcare, local government, logistics and legal sectors have all been targeted, but others could also be affected.
In addition, the US Cybersecurity and Infrastructure Security Agency (CISA) warned in October that APT groups are exploiting the MobileIron flaw in combination with the severe Microsoft Windows Netlogon/Zerologon vulnerability (CVE-2020-1472).
The Flaw
The flaw, first reported to MobileIron by Orange Tsai from DEVCORE, could allow an attacker to execute remote exploits without authentication.
MobileIron provides a platform that allows enterprises to manage the end-user mobile devices across their company.
The flaw exists across various components of this platform: in MobileIron Core, a component of the MobileIron platform that serves as the administrative console; and in MobileIron Connector, a component that adds real-time connectivity to the backend.
Sentry
Also impacted are Sentry, an in-line gateway that manages, encrypts and secures traffic between the mobile device and back-end enterprise systems; and Monitor and Reporting Database, which provides ‘comprehensive performance management functionality.’
The bug, which allows remote attackers to execute arbitrary code via unspecified vectors, affects Core and Connector versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0; Sentry versions 9.7.2 and earlier, and 9.8.0; and Monitor and Reporting Database (RDB) version 2.0.0.1 and earlier.
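The version list above can be applied directly to a device inventory. The following Python is an added example, not code from MobileIron, the NCSC or this article's author; the product keys, host names and inventory rows are constructed, and "not listed" means only that a version does not appear in the list quoted here.

```python
# Added example: rules transcribed from the affected-version list in this article.
# Product keys, host names and inventory rows are constructed for illustration.

def parse(version, width=4):
    """'9.8' -> (9, 8, 0, 0); padding makes 9.8 and 9.8.0 compare equal."""
    parts = tuple(int(p) for p in version.strip().split("."))
    return parts + (0,) * (width - len(parts))

CORE_RULE = ("10.3.0.3", ("10.4.0.0", "10.4.0.1", "10.4.0.2", "10.4.0.3",
                          "10.5.1.0", "10.5.2.0", "10.6.0.0"))
# product -> ("X and earlier" ceiling, individually listed versions)
RULES = {
    "core": CORE_RULE,
    "connector": CORE_RULE,
    "sentry": ("9.7.2", ("9.8.0",)),
    "rdb": ("2.0.0.1", ()),
}

def is_affected(product, version):
    """True if the version matches the list quoted in the article."""
    ceiling, listed = RULES[product.lower()]
    v = parse(version)
    return v <= parse(ceiling) or v in {parse(x) for x in listed}

def triage(inventory):
    """Label each (host, product, version) row; bad rows need a manual look."""
    report = {}
    for host, product, version in inventory:
        try:
            hit = is_affected(product, version)
            report[host] = "affected" if hit else "not listed"
        except (KeyError, ValueError):
            report[host] = "check manually"
    return report

INVENTORY = [  # constructed sample rows
    ("mdm-01", "Core", "10.3.0.3"),
    ("mdm-02", "Core", "10.6.0.1"),
    ("mdm-03", "Connector", "10.4.x"),
    ("gw-01", "Sentry", "9.8"),
    ("gw-02", "Sentry", "9.8.1"),
    ("rdb-01", "RDB", "2.0.0.1"),
]

if __name__ == "__main__":
    for host, status in triage(INVENTORY).items():
        print(f"{host}: {status}")
```
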
Patches
MobileIron said in an update this week that it has been engaging in “proactive outreach to help customers secure their systems,” and estimates that 90 to 95% of all devices are now managed on patched/updated versions of software.
The company said it will continue to follow up with the remaining customers where it can determine that they have not yet patched affected products, and it strongly urges companies to make sure they are updated.
“MobileIron strongly recommends that customers apply these & security updates as soon as possible,” concluded the company in its security update.