The UK’s National Cyber ​​Security Center (NCSC) is currently monitoring active attacks on networks of government institutions and organizations in the UK using a vulnerability in the core and connector components of MobileIron’s Mobile Device Management (MDM) systems. The NCSC urgently recommends an update.

The critical gap CVE – 2020 – 15505 was already closed by MobileIron in June of this year; A proof-of-concept exploit has been publicly available since September. Since then, cyber criminals and government-funded APT (Advanced Persistent Threat) actors have been attacking British local governments, the health sector and logistic and legal facilities, according to the NCSC. In some cases, the attacks were successful. According to the latest alert from the NCSC, other facilities could also be affected.

At the end of October, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) had published similar warnings regarding attacks on US government networks. Among other things, CVE – 2020 – 15505 with Zerologon (CVE – 2020 – 1472) in order to obtain domain admin rights for Windows servers following the initial intrusion into networks.

Update if not done yet The NCSC strongly advises for the update, if this has not yet been done. Which since 15. June update closes the remote code execution gap CVE – 2020 – 15505 (CVSS score 9.8) yet another critical gap (CVE – 2020 – 15506, Authentication Bypass, CVSS Score 9.8) and a third with a “High” rating (CVE – 2020 – 15507, Arbitrary File Reading, 7.5). Updates are available for MobileIron Core & Enterprise Connector, MobileIron Sentry and the Monitor and Reporting Database (RDB).

Information on vulnerable and protected versions is provided by MobileIron in the advisory:

MobileIron Security Updates Available One update of the advisories from 22. October it can be seen that according to MobileIron’s estimates 22 to 95 percent of the vulnerable devices are now protected against the possibility of attack. (ovw)