In June 2020, MobileIron reported a critical RCE vulnerability registered under CVE-2020-15505. The vulnerability was fixed in its security update released on June 15, 2020.
However, the NCSC has now released an advisory warning that multiple state actors are targeting the same vulnerability in attacks against U.K.-based organizations.
MobileIron is a provider of mobile device management (MDM) systems. These systems enable administrators to manage an organization’s mobile devices from a central server, which makes them a favorite target among threat actors. MDM systems are generally highly secured, but the CVE-2020-15505 vulnerability allowed remote attackers to execute arbitrary code via unspecified vectors. This was a serious threat, and the criticality of the vulnerability can be gauged by its CVSS v3 score, which stood at 9.8.
The Recent Spike
Although a security update was released earlier, the NCSC has observed that various state-sponsored threat actors are still actively exploiting this vulnerability in systems that remain unpatched. The U.K.’s cybersecurity watchdog said, “The NCSC is aware that Advanced Persistent Threat (APT) nation-state groups and cybercriminals are now actively attempting to exploit this vulnerability to compromise the networks of U.K. organizations.” The NCSC noted that the increased exploitation of this vulnerability in recent months could be because a proof-of-concept exploit became available in September 2020 on a popular open-source forum.
The U.S. cybersecurity agency, CISA, already issued an alert in early October about the same vulnerability being used in tandem with the Netlogon/Zerologon vulnerability CVE-2020-1472 in a single intrusion attempt.
According to MobileIron’s website, the following versions are affected by the vulnerability:
- 10.3.0.3 and earlier
- 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0
- Sentry versions 9.7.2 and earlier
- Monitor and Reporting Database (RDB) version 18.104.22.168 and earlier
Both the NCSC and MobileIron have urged their users to apply the latest patches, which are available here.