
Security researchers at DEVCORE have disclosed details of several vulnerabilities affecting MobileIron mobile device management (MDM) products. One of them can be exploited by an unauthenticated attacker to achieve remote code execution on a vulnerable server.
The researchers discovered the vulnerabilities and reported them to MobileIron in early April. Patches were released on June 15, and an advisory was published on July 1.
The vulnerabilities can be used by attackers for remote code execution (CVE-2020-15505), for reading arbitrary files from a targeted system (CVE-2020-15507), and for bypassing authentication mechanisms (CVE-2020-15506).
Which MobileIron products are affected?
The affected products include MobileIron Core (version 10.6 and earlier), MobileIron Sentry, MobileIron Cloud, Enterprise Connector and Reporting Database.
DEVCORE said it chose to analyze MobileIron's products because of their widespread use. The researchers estimate that at least 20,000 companies use these products, and that over 15% of Global Fortune 500 companies had MobileIron servers exposed to the Internet. Facebook is among those companies.

Last year, DEVCORE researcher Orange Tsai disclosed a number of other critical vulnerabilities affecting corporate VPN products from Palo Alto Networks, Fortinet and Pulse Secure. Those vulnerabilities were subsequently exploited by various threat actors, including state-sponsored hacking groups.
Orange Tsai told SecurityWeek that exploiting CVE-2020-15505 can give an attacker remote code execution on a vulnerable MobileIron server.
According to the researchers, roughly 10,000 potentially exposed servers can be found on the Internet. The concern is that, although the patch has been available for months, about 30% of those servers have not been updated and therefore remain vulnerable.
Facebook had not updated its server even two weeks after the patch was released, so the researchers reported the issue through the company's bug bounty program.
Shortly after Orange Tsai disclosed the vulnerability, someone created and published a proof-of-concept (PoC) exploit for CVE-2020-15505.