Ivanti Releases Critical Mitigations for MobileIron Products to Address Log4Shell Vulnerability
Out-of-band advisory to address Log4Shell vulnerability in MobileIron Core, Core Connector, Sentry, and Reporting Database
Summary
Out-of-band advisory to address Log4Shell vulnerability in MobileIron Core, Core Connector, Sentry, and Reporting Database
Affected platforms
The following platforms are known to be affected:
Threat details
NHS Digital response to Log4Shell
This alert is part of NHS Digital's wider response to the Log4Shell remote code execution vulnerability. For more information on Log4Shell itself, please visit our cyber alerts article Log4Shell RCE Vulnerability CC-3989.
NHS and social care organisations are invited to use the Cyber Associates Network to find out additional information and participate in discussion about the Log4Shell remote code execution vulnerability and affected products.
Introduction
Ivanti has released security mitigations to address the Log4Shell vulnerability in their MobileIron products. A remote unauthenticated attacker could exploit Log4Shell to take control of affected MobileIron systems.
Ivanti MobileIron Products Under Active Exploitation
The Log4Shell vulnerability within MobileIron products is being actively targeted and exploited. MobileIron products have been targeted by advanced persistent threat groups historically.
Application of the mitigation measures listed in the Ivanti Security Bulletin below should be applied immediately.
Remediation advice
Affected organisations are encouraged to review Ivanti Security Bulletin CVE-2021-44228: MobileIron Remote code injection in Log4j (requires login) and apply the necessary mitigations.
Please note that these mitigating steps remove vulnerable Java class JNDILookUp.class from the Log4J library used in MobileIron systems. Ivanti has confirmed that this should not affect MobileIron system or logging functionality.
Definitive source of threat updates
CVE Vulnerabilities
Last edited: 17 December 2021 8:21 pm