Security News > 2020 > November > UK urges orgs to patch critical MobileIron CVE-2020-15505 RCE bug
The UK National Cyber Security Centre issued an alert yesterday, prompting all organizations to patch the critical CVE-2020-15505 remote code execution vulnerability in MobileIron mobile device management systems.
NCSC is warning that they are aware of hacking groups actively using the MobileIron CVE-2020-1550 vulnerability to compromise the networks in the healthcare, local government, logistics, and legal sectors.
"The NCSC is aware that Advanced Persistent Threat nation-state groups and cyber criminals are now actively attempting to exploit this vulnerability [T1190] to compromise the networks of UK organisations," the advisory reads.
The MobileIron CVE-2020-15505 vulnerability allows an attacker to remotely execute commands on an MDM server without needing to authenticate.
Researchers released a proof-of-concept exploit for the vulnerability that allows remote attackers to execute commands on vulnerable devices.
News URL
Related news
- Exploit code released for critical Ivanti RCE flaw, patch now (source)
- SolarWinds Issues Patch for Critical ARM Vulnerability Enabling RCE Attacks (source)
- Week in review: Critical Zimbra RCE vulnerability exploited, Patch Tuesday forecast (source)
- VMware fixes bad patch for critical vCenter Server RCE flaw (source)
- Synology Urges Patch for Critical Zero-Click RCE Flaw Affecting Millions of NAS Devices (source)
- D-Link fixes critical RCE, hardcoded password flaws in WiFi 6 routers (source)
- Broadcom fixes critical RCE bug in VMware vCenter Server (source)
- Patch Issued for Critical VMware vCenter Flaw Allowing Remote Code Execution (source)
- Patch this critical Safeguard for Privileged Passwords auth bypass flaw (CVE-2024-45488) (source)
- Patch now: Critical Nvidia bug allows container escape, complete host takeover (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-08-17 | CVE-2020-1550 | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Windows CDP User Components improperly handle memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. | 7.8 |
| 2020-07-07 | CVE-2020-15505 | Use of Incorrectly-Resolved Name or Reference vulnerability in Mobileiron products A remote code execution vulnerability in MobileIron Core & Connector versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0; and Sentry versions 9.7.2 and earlier, and 9.8.0; and Monitor and Reporting Database (RDB) version 2.0.0.1 and earlier that allows remote attackers to execute arbitrary code via unspecified vectors. | 9.8 |