The National Cyber Security Center of the United Kingdom (NCSC) issued a warning yesterday urging all agencies to fix the critical CVE-2020-15505 (RCE) remote vulnerability in the MobileIron mobile management platform (MDM).
MDM is a software platform that allows admins to manage remote mobile devices in their organization, including the promotion of applications, updates and the ability to change settings. This management is done from a central location, such as an administrator console running on the organization's server, making it the primary target for intruders.
The NCSC warns that they are aware that hacking teams are actively using MobileIron CVE-2020-1550 vulnerability to compromise various networks in the field of health, local government, logistics and legal sectors.
The NCSC is aware that some Advanced Persistent Threat (APT) groups and some cybercriminals are trying to exploit this vulnerability to compromise their networks. British organizations", States the advisory.
The US Government Security and Infrastructure Agency (CISA) also warned that APT hacking groups are actively using this vulnerability to access various networks. The National Security Agency of USA (NSA) states that CVE-2020-15505 is in the Top-25 of vulnerabilities used by Chinese state hackers.
MobileIron CVE-2020-15505 Vulnerability allows an attacker to remotely execute commands on an MDM server without having to authentication.
MDM servers need to be publicly accessible to manage remote mobile devices - this makes them a very good target for threatening factors.
The vulnerability was discovered and responsibly revealed by security researcher Orange Tsai in March and MobileIron released the patches and an advisory in June.
After that some APT or government groups started using vulnerability in various breached networks.
The UK NCSC strongly urges all organizations that use vulnerable software to implement patches immediately.
The MobileIron versions that are vulnerable to CVE-2020-15505 are the following:
- 10.3.0.3 and older
- 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0
- Sentry versions 9.7.2 and older
- Database Monitoring and Reporting (RDB) version 126.96.36.199 (and earlier versions)
Information on available patches can be found at Advisory of MobileIron.