2 matches found
CVE-2021-3198
Ivanti MobileIron Core is affected by CVE-2021-3198: an attacker can escape the restricted clish shell by abusing the 'install rpm url' command. Vulnerable versions exist prior to 11.1.0.0; the issue was fixed in version 11.1.0.0. The root cause is command-based escape from the clish shell. Remed...
CVE-2021-3198 and CVE-2021-3540: MobileIron Shell Escape Privilege Escalation Vulnerabilities
Ivanti MobileIron Core versions 10.7.0.1-9 and 11.0.0.1-3 suffer from two restricted shell escape vulnerabilities through the install rpm command present in the clish restricted shell. These issues have been fixed in version 11.1.0.0, released on March 15, 2021. The first, CVE-2021-3198, is an...