According to its self-reported version number, the installation of MobileIron Core on the remote host is affected by multiple vulnerabilities:
- A remote command execution vulnerability exists in MobileIron Core and Connector versions 10.6 and earlier, and Sentry versions 9.8 and earlier. An unauthenticated, remote attacker can exploit this to bypass authentication and execute arbitrary commands as root. (CVE-2020-15505)
- An arbitrary file read vulnerability exists in MobileIron Core and Connector versions 10.6 and earlier. An unauthenticated, remote attacker can exploit this to read arbitrary files and disclose sensitive information. (CVE-2020-15507)
- An authentication bypass vulnerability exists in MobileIron Core and Connector versions 10.6 and earlier. An unauthenticated, remote attacker can exploit this to bypass authentication and execute arbitrary actions with escalated privileges. (CVE-2020-15506) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(141366);
script_version("1.12");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/08/29");
script_cve_id("CVE-2020-15505", "CVE-2020-15506", "CVE-2020-15507");
script_xref(name:"IAVA", value:"2020-A-0424");
script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/05/03");
script_xref(name:"CEA-ID", value:"CEA-2020-0129");
script_name(english:"MobileIron Core 10.3.0.x < 10.3.0.4-19 / 10.4.0.x < 10.4.0.4-22 / 10.5.1.1 < 10.5.1.1-22 / 10.5.2.1 < 10.5.2.1-14 / 10.6.0.1 < 10.6.0.1-19 / 10.7.0.0 < 10.7.0.0-28");
script_set_attribute(attribute:"synopsis", value:
"A MobileIron application running on the remote web server is affected by multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"According to its self-reported version number, the installation of MobileIron Core on the remote host is affected
by multiple vulnerabilities:
- A remote command execution vulnerability exists in MobileIron Core and Connector versions 10.6
and earlier, and Sentry versions 9.8 and earlier. An unauthenticated, remote attacker can
exploit this to bypass authentication and execute arbitrary commands as root. (CVE-2020-15505)
- An arbitrary file read vulnerability exists in MobileIron Core and Connector versions 10.6
and earlier. An unauthenticated, remote attacker can exploit this to read arbitrary files
and disclose sensitive information. (CVE-2020-15507)
- An authentication bypass vulnerability exists in MobileIron Core and Connector versions 10.6
and earlier. An unauthenticated, remote attacker can exploit this to bypass authentication
and execute arbitrary actions with escalated privileges. (CVE-2020-15506)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported
version");
# https://www.mobileiron.com/en/blog/mobileiron-security-updates-available
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?9a8249df");
script_set_attribute(attribute:"solution", value:
"Upgrade to MobileIron version 10.3.0.4-19, 10.4.0.4-22, 10.5.1.1-22, 10.5.2.1-14, 10.6.0.1-19, 10.7.0.0-28 or later.");
script_set_attribute(attribute:"agent", value:"unix");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-15506");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"metasploit_name", value:'MobileIron MDM Hessian-Based Java Deserialization RCE');
script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2020/06/11");
script_set_attribute(attribute:"patch_publication_date", value:"2020/06/15");
script_set_attribute(attribute:"plugin_publication_date", value:"2020/10/12");
script_set_attribute(attribute:"plugin_type", value:"combined");
script_set_attribute(attribute:"cpe", value:"cpe:/a:mobileiron:mobileiron_core");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"CGI abuses");
script_copyright(english:"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("mobileiron_core_detect.nbin");
script_require_keys("installed_sw/MobileIron Core");
exit(0);
}
include('vcf.inc');
var app_name = 'MobileIron Core';
var app_info = NULL;
if (report_paranoia < 2)
app_info = vcf::get_app_info(app:app_name);
else
app_info = vcf::combined_get_app_info(app:app_name);
var constraints = [
{'min_version':'10.3.0', fixed_version:'10.3.0.4.19', 'fixed_display':'10.3.0.4-19'},
{'min_version':'10.4.0', fixed_version:'10.4.0.4.22', 'fixed_display':'10.4.0.4-22'},
{'min_version':'10.5.1', fixed_version:'10.5.1.1.25', 'fixed_display':'10.5.1.1-25'},
{'min_version':'10.5.2', fixed_version:'10.5.2.1.14', 'fixed_display':'10.5.2.1-14'},
{'min_version':'10.6.0', fixed_version:'10.6.0.1.19', 'fixed_display':'10.6.0.1-19'},
{'min_version':'10.7.0', fixed_version:'10.7.0.0.28', 'fixed_display':'10.7.0.0-28'}
];
vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);
Vendor | Product | Version | CPE |
---|---|---|---|
mobileiron | mobileiron_core | cpe:/a:mobileiron:mobileiron_core |