The UK National Cyber Security Centre (NCSC) issued an alert urging organizations to address the critical CVE-2020-15505 remote code execution (RCE) vulnerability in MobileIron mobile device management (MDM) systems.
MDM platforms allow administrators to remotely manage a fleet of mobile devices in their organization from a central server.
The CVE-2020-15505 vulnerability is a remote code execution issue in the MobileIron mobile device management (MDM) software that allows remote attackers to execute arbitrary code and take over remote company servers.
Experts at NCSC are aware of threat actors actively using the MobileIron CVE-2020-1550 vulnerability to compromise the networks in multiple sectors, including the healthcare, local government, logistics, and legal sectors.
“The NCSC is aware that Advanced Persistent Threat (APT) nation-state groups and cyber criminals are now actively attempting to exploit this vulnerability [T1190] to compromise the networks of UK organisations.” reads the alert.
At the end of October, the US National Security Agency (NSA) included the same RCE in the list of the top 25 vulnerabilities exploited by Chinese state-sponsored hacking groups in attacks in the wild.
The Cybersecurity and Infrastructure Agency (CISA) also warned that APT groups are chaining the CVE-2020-15505 RCE with the Netlogon/Zerologon vulnerability CVE-2020-1472 at least in a single intrusion.
The MobileIron versions affected by the CVE-2020-15505 flaw are:
(SecurityAffairs – hacking, APT)