Security News > 2020 > November > Critical MobileIron RCE Flaw Under Active Attack
Separately, the Cybersecurity and Infrastructure Security Agency in October warned that APT groups are exploiting the MobileIron flaw in combination with the severe Microsoft Windows Netlogon/Zerologon vulnerability.
The flaw, first reported to MobileIron by Orange Tsai from DEVCORE, could allow an attacker to execute remote exploits without authentication.
MobileIron provides a platform that allows enterprises to manage the end-user mobile devices across their company.
The flaw exists across various components of this platform: In MobileIron Core, a component of the MobileIron platform that serves as the administrative console; and in MobileIron Connector, a component that adds real-time connectivity to the backend.
Threatpost has reached out to MobileIron for further comment.
News URL
https://threatpost.com/critical-mobileiron-rce-flaw-attack/161600/
Related news
- Critical PHP RCE vulnerability mass exploited in new attacks (source)
- Critical RCE flaw in Apache Tomcat actively exploited in attacks (source)
- PHP-CGI RCE Flaw Exploited in Attacks on Japan's Tech, Telecom, and E-Commerce Sectors (source)
- CISA tags critical Ivanti EPM flaws as actively exploited in attacks (source)
- Critical Veeam Backup & Replication RCE vulnerability fixed, patch ASAP! (CVE-2025-23120) (source)
- Critical GitHub Attack (source)
- Infoseccers criticize Veeam over critical RCE vulnerability and a failing blacklist (source)
- Critical Cisco Smart Licensing Utility flaws now exploited in attacks (source)
- Ongoing Cyber Attacks Exploit Critical Vulnerabilities in Cisco Smart Licensing Utility (source)
- Critical Ingress NGINX Controller Vulnerability Allows RCE Without Authentication (source)