CVE-2020-15505
CVE-2020-15505
In short
A critical vulnerability in MobileIron security software allows attackers to remotely execute malicious code on affected systems without authentication or user interaction. This could give attackers complete control over enterprise mobile device management infrastructure.
Technical detail
Remote code execution vulnerability affecting MobileIron Core, Connector, Sentry, and RDB components through unspecified attack vectors (CWE-706: Use of Externally-Controlled Format String). No authentication required; exploitation results in arbitrary code execution with system privileges on vulnerable versions through 10.6.0.0 and earlier.
Summary generated and translated by AI from the official description.
A remote code execution vulnerability in MobileIron Core & Connector versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0; and Sentry versions 9.7.2 and earlier, and 9.8.0; and Monitor and Reporting Database (RDB) version 2.0.0.1 and earlier that allows remote attackers to execute arbitrary code via unspecified vectors.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/apublic PoCs found — 1
cve_referencepacketstormsecurity.com/files/161097/MobileIron-MDM-Hessian-Based-Java-Deserialization-Remote-Code-Execution.htmlunverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://packetstormsecurity.com/files/161097/MobileIron-MDM-Hessian-Based-Java-Deserialization-Remote-Code-Execution.htmlhttps://cwe.mitre.org/data/definitions/41.htmlhttps://perchsecurity.com/perch-news/cve-spotlight-mobileiron-rce-cve-2020-15505/https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-15505https://www.mobileiron.com/en/blog/mobileiron-security-updates-available