Skip to main content

Ivanti Releases Critical Mitigations for MobileIron Products to Address Log4Shell Vulnerability

Out-of-band advisory to address Log4Shell vulnerability in MobileIron Core, Core Connector, Sentry, and Reporting Database

Report a cyber attack: call 0300 303 5222 or email carecert@nhsdigital.nhs.uk

Summary

Out-of-band advisory to address Log4Shell vulnerability in MobileIron Core, Core Connector, Sentry, and Reporting Database


Threat details

NHS Digital response to Log4Shell

This alert is part of NHS Digital's wider response to the Log4Shell remote code execution vulnerability. For more information on Log4Shell itself, please visit our cyber alerts article Log4Shell RCE Vulnerability CC-3989.
 

NHS and social care organisations are invited to use the Cyber Associates Network to find out additional information and participate in discussion about the Log4Shell remote code execution vulnerability and affected products.

Introduction

Ivanti has released security mitigations to address the Log4Shell vulnerability in their MobileIron products. A remote unauthenticated attacker could exploit Log4Shell to take control of affected MobileIron systems.

Ivanti MobileIron Products Under Active Exploitation

The Log4Shell vulnerability within MobileIron products is being actively targeted and exploited. MobileIron products have been targeted by advanced persistent threat groups historically.

Application of the mitigation measures listed in the Ivanti Security Bulletin below should be applied immediately.


Remediation advice

Affected organisations are encouraged to review Ivanti Security Bulletin CVE-2021-44228: MobileIron Remote code injection in Log4j (requires login) and apply the necessary mitigations.

Please note that these mitigating steps remove vulnerable Java class JNDILookUp.class from the Log4J library used in MobileIron systems. Ivanti has confirmed that this should not affect MobileIron system or logging functionality.



Last edited: 17 December 2021 8:21 pm