Monday, January 25, 19:36
Home security Vulnerabilities expose thousands of MobileIron servers to attacks

Vulnerabilities expose thousands of MobileIron servers to attacks

MobileIron

Security researchers DEVCORE revealed details about some vulnerabilities affecting MobileIron Mobile Management (MDM) solutions. One of these vulnerabilities could be exploited by an unauthorized person user for remote code execution to vulnerabilities servers.

The researchers discovered the vulnerabilities and reported them to MobileIron in early April. The patches were released on June 15, while on July 1, one was released guide.

Vulnerabilities can be used by hackers for remote code execution (CVE-2020-15505), for reading files from a targeted system (CVE-2020-15507) and for bypass authentication mechanisms (CVE-2020-15506).

Which MobileIron products are affected?

The products that are affected include MobileIron Core (version 10.6 and earlier versions), the MobileIron SentryThe MobileIron CloudThe Enterprise Connector and Reporting Database.

The company (DEVCORE) reported that it decided to analyze the products MobileIron due to their widespread use. Researchers estimate that at least 20.000 companies use its products and over 15% of Global Fortune 500 companies had their MobileIron servers exposed to Internet. Among these companies is Facebook.

vulnerabilities

Last year, one of DEVCORE researchers, o Orange Tsai, had revealed many other critical vulnerabilities that affected corporate VPN products from Palo Alto Networks, Fortinet and Pulse Secure. Those vulnerabilities were used by various hackers, including state hacking groups.

Orange Tsai told SecurityWeek that exploiting the CVE-2020-15505 vulnerability could allow remote code execution on a vulnerable MobileIron server.

According to researchers, there are about 10.000 potentially exposed servers on the Internet. The worry is that while the patch has been around for months, 30% of servers have not received it information and therefore remains vulnerable.

Facebook had not updated its server even two weeks after the patch was released. For this reason, his researchers reported the issue through the bug bounty program.

Shortly after Orange Tsai revealed the vulnerability, someone created and released a proof-of-concept (PoC) exploit for CVE-2020-15505.

LEAVE ANSWER

Please enter your comment!
Please enter your name here

Digital Fortress
Digital Fortresshttps://www.secnews.gr
Pursue Your Dreams & Live!

LIVE NEWS

iPhone: How to see which apps have access to your contacts

Some iPhone privacy issues go deeper than accessing your contacts list, which exposes your contacts to ...

COVID-19: Google makes vaccination clinics available

Google CEO Sundar Pichai said Monday that the company will make its facilities available to become clinics ...

Netflix offers "studio quality" audio upgrade on Android

Do not be surprised if Netflix sounds better the next time you run a marathon with rows on your Android phone ...

Will Bitcoin return to $ 40.000? There is concern!

Bitcoin lovers who take his return above the level of $ 40.000 for granted have been worried because the demand ...

Avaddon ransomware: Its operators threaten with DDoS attacks to get ransom!

Lately, more and more ransomware gangs tend to threaten their targets with DDoS attacks in order to secure profits ....

Volunteer firefighters will be trained through VR simulation

Volunteer firefighters in the Australian state of Victoria will soon have access to the virtual reality (VR) training that will be available in ...

Tesla: Accuses its former employee of stealing her confidential data!

On January 23, Tesla sued former employee Alex Khatilov for stealing 26.000 confidential documents, including trade secrets. The software ...

SpaceX launched 143 satellites simultaneously

SpaceX broke every record with its last spacecraft mission into orbit. The company successfully launched the Transporter-1 mission ...

Sony may resurrect the Xperia Compact to compete with Apple

Have you seen the iPhone 12 mini and wish there was an Android equivalent to this small but powerful smartphone? Can the desire ...

Artificial intelligence (AI) may one day be used against us

AI algorithms offer us the news we read, the ads we see, and in some cases even drive cars ...