Security News > 2020 > November > Critical MobileIron RCE Flaw Under Active Attack
Separately, the Cybersecurity and Infrastructure Security Agency in October warned that APT groups are exploiting the MobileIron flaw in combination with the severe Microsoft Windows Netlogon/Zerologon vulnerability.
The flaw, first reported to MobileIron by Orange Tsai from DEVCORE, could allow an attacker to execute remote exploits without authentication.
MobileIron provides a platform that allows enterprises to manage the end-user mobile devices across their company.
The flaw exists across various components of this platform: In MobileIron Core, a component of the MobileIron platform that serves as the administrative console; and in MobileIron Connector, a component that adds real-time connectivity to the backend.
Threatpost has reached out to MobileIron for further comment.
News URL
https://threatpost.com/critical-mobileiron-rce-flaw-attack/161600/
Related news
- Hackers exploit critical Aviatrix Controller RCE flaw in attacks (source)
- Critical SimpleHelp Flaws Allow File Theft, Privilege Escalation, and RCE Attacks (source)
- Veeam warns of critical RCE bug in Service Provider Console (source)
- Exploit released for critical WhatsUp Gold RCE flaw, patch now (source)
- Veeam Issues Patch for Critical RCE Vulnerability in Service Provider Console (source)
- PoC exploit for critical WhatsUp Gold RCE vulnerability released (CVE-2024-8785) (source)
- New Cleo zero-day RCE flaw exploited in data theft attacks (source)
- Apache issues patches for critical Struts 2 RCE bug (source)
- Cleo patches critical zero-day exploited in data theft attacks (source)
- New IOCONTROL malware used in critical infrastructure attacks (source)