PT-2020-6510 · Mobileiron · Mobileiron Sentry+3

Cheng-Da Tsai

+1

·

Published

2020-06-15

·

Updated

2023-01-27

·

CVE-2020-15505

CVSS v3.1

9.8

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions MobileIron Core versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0 MobileIron Connector versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0 MobileIron Sentry versions 9.7.2 and earlier, and 9.8.0 MobileIron Monitor and Reporting Database (RDB) version 2.0.0.1 and earlier
Description The issue is related to insufficient access control in MobileIron products, allowing a remote attacker to execute arbitrary code. This can be achieved via unspecified vectors, potentially leading to remote code execution.
Recommendations For MobileIron Core versions 10.3.0.3 and earlier, update to version 10.3.0.4 or later. For MobileIron Core versions 10.4.x, update to version 10.4.0.4 or later. For MobileIron Core versions 10.5.x, update to version 10.5.1.1 or later. For MobileIron Core versions 10.5.2.x, update to version 10.5.2.1 or later. For MobileIron Core versions 10.6.x, update to version 10.6.0.1 or later. For MobileIron Connector versions 10.3.0.3 and earlier, update to version 10.3.0.4 or later. For MobileIron Connector versions 10.4.x, update to version 10.4.0.4 or later. For MobileIron Connector versions 10.5.x, update to version 10.5.1.1 or later. For MobileIron Connector versions 10.5.2.x, update to version 10.5.2.1 or later. For MobileIron Connector versions 10.6.x, update to version 10.6.0.1 or later. For MobileIron Sentry versions 9.7.2 and earlier, update to version 9.7.3 or later. For MobileIron Sentry version 9.8.0, update to version 9.8.1 or later. For MobileIron Monitor and Reporting Database (RDB) version 2.0.0.1 and earlier, update to a version later than 2.0.0.1.

Exploit

Fix

Improper Privilege Management

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-706CWE-269

Related Identifiers

BDU:2021-05693
CVE-2020-15505

Affected Products

Mobileiron Connector
Mobileiron Core
Mobileiron Monitor/Reporting Database
Mobileiron Sentry