Description

A remote code execution vulnerability exists in MobileIron Core & Connector versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0; Sentry versions 9.7.2 and earlier, and 9.8.0; and Monitor and Reporting Database (RDB) version 2.0.0.1 and earlier that allows remote attackers to execute arbitrary code via the LogService.

Remediation

Upgrade to the latest version of MobileIron.

References

CVE-2020-15505

How I Hacked Facebook Again! Unauthenticated RCE on MobileIron MDM

MobileIron Security Updates Available

Related Vulnerabilities

PHP 5.3.9 remote code execution

Drupal 7 arbitrary PHP code execution and information disclosure

Cmd hijack vulnerability

WordPress Plugin WordPress PDF Light Viewer Command Injection (1.4.11)

OpenX 2.8.10 backdoor

Severity

High

Classification

CVE-2020-15505 CWE-78 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Code Execution