Ivanti Releases Critical Mitigations for MobileIron Products to Address Log4Shell Vulnerability

Out-of-band advisory to address Log4Shell vulnerability in MobileIron Core, Core Connector, Sentry, and Reporting Database

Threat ID:: CC-3990
Threat Severity:: High
Published:: 17 December 2021 8:21 PM

Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

Out-of-band advisory to address Log4Shell vulnerability in MobileIron Core, Core Connector, Sentry, and Reporting Database

Affected platforms

The following platforms are known to be affected:

Versions: all versions

Ivanti Endpoint Manager Mobile (formerly MobileIron Core)

Versions: all versions

Ivanti Sentry (formerly MobileIron Sentry)

Versions: all versions

MobileIron Core Connector

Versions: all versions

MobileIron Reporting Database

Threat details

NHS Digital response to Log4Shell

This alert is part of NHS Digital's wider response to the Log4Shell remote code execution vulnerability. For more information on Log4Shell itself, please visit our cyber alerts article Log4Shell RCE Vulnerability CC-3989.

NHS and social care organisations are invited to use the Cyber Associates Network to find out additional information and participate in discussion about the Log4Shell remote code execution vulnerability and affected products.

Introduction

Ivanti has released security mitigations to address the Log4Shell vulnerability in their MobileIron products. A remote unauthenticated attacker could exploit Log4Shell to take control of affected MobileIron systems.

Ivanti MobileIron Products Under Active Exploitation

The Log4Shell vulnerability within MobileIron products is being actively targeted and exploited. MobileIron products have been targeted by advanced persistent threat groups historically.

Application of the mitigation measures listed in the Ivanti Security Bulletin below should be applied immediately.

Remediation advice

Affected organisations are encouraged to review Ivanti Security Bulletin CVE-2021-44228: MobileIron Remote code injection in Log4j (requires login) and apply the necessary mitigations.

Please note that these mitigating steps remove vulnerable Java class JNDILookUp.class from the Log4J library used in MobileIron systems. Ivanti has confirmed that this should not affect MobileIron system or logging functionality.

Definitive source of threat updates

CVE Vulnerabilities

Status Published

CVE-2021-44228

Last edited: 17 December 2021 8:21 pm