Security News > 2020 > November > Critical MobileIron RCE Flaw Under Active Attack
Separately, the Cybersecurity and Infrastructure Security Agency in October warned that APT groups are exploiting the MobileIron flaw in combination with the severe Microsoft Windows Netlogon/Zerologon vulnerability.
The flaw, first reported to MobileIron by Orange Tsai from DEVCORE, could allow an attacker to execute remote exploits without authentication.
MobileIron provides a platform that allows enterprises to manage the end-user mobile devices across their company.
The flaw exists across various components of this platform: In MobileIron Core, a component of the MobileIron platform that serves as the administrative console; and in MobileIron Connector, a component that adds real-time connectivity to the backend.
Threatpost has reached out to MobileIron for further comment.
News URL
https://threatpost.com/critical-mobileiron-rce-flaw-attack/161600/
Related news
- Hackers exploit critical Aviatrix Controller RCE flaw in attacks (source)
- Critical SimpleHelp Flaws Allow File Theft, Privilege Escalation, and RCE Attacks (source)
- Critical RCE bug in Microsoft Outlook now exploited in attacks (source)
- CISA warns of critical Oracle, Mitel flaws exploited in attacks (source)
- Critical RCE Flaw in GFI KerioControl Allows Remote Code Execution via CRLF Injection (source)
- Critical Flaws in WGS-804HPT Switches Enable RCE and Network Exploitation (source)
- SonicWall warns of SMA1000 RCE flaw exploited in zero-day attacks (source)
- Zyxel CPE devices under attack via critical vulnerability without a patch (CVE-2024-40891) (source)
- Critical PostgreSQL bug tied to zero-day attack on US Treasury (source)