MobileIron Security Updates Available
Recently, Orange Tsai from DEVCORE reported to MobileIron that he had identified vulnerabilities in MobileIron Core that could allow an attacker to execute remote exploits without authentication.
The MobileIron security and engineering team validated the reported vulnerabilities and extended the review to all supported MobileIron products to identify any related impacts. We developed and made available patches to address these vulnerabilities.

| Issue | Description | CVE |
|---|---|---|
| Remote Code Execution | A remote code execution vulnerability in MobileIron Core and Connector versions 10.6 and earlier, and Sentry versions 9.8 and earlier that allows remote attackers to execute arbitrary code via unspecified vectors. | CVE-2020-15505 |
| Arbitrary File Reading | An arbitrary file reading vulnerability in MobileIron Core and Connector versions 10.6 and earlier that allows remote attackers to read files on the system via unspecified vectors. | CVE-2020-15507 |
| Authentication Bypass | An Authentication Bypass vulnerability in MobileIron Core and Connector versions 10.6 and earlier that allows remote attackers to bypass authentication mechanisms via unspecified vectors. | CVE-2020-15506 |

We are not aware of any customers impacted due to these vulnerabilities.
Products Affected and Available Patches:
- MobileIron Core
- MobileIron Sentry
- MobileIron Cloud
- Enterprise Connector
- Reporting Database (RDB)
Patches for all impacted products were made available on June 15, 2020. Customers can access all patches at: https://help.mobileiron.com/s/article-detail-page?Id=kA12T000000g065SAA
MobileIron strongly recommends that customers apply these patches and any security updates as soon as possible.