Sign In
- Platform
- Solutions
- Modern NDR
- Resources
- Company
Platform
Modern NDR
Resources
Platform
Modern NDR
Resources
DETECTION OVERVIEW
Risk Factors
This vulnerability is well known and can be exploited with techniques that are publicly available. An unauthorized attacker can exploit an unpatched version of MobileIron MDM software and ultimately gain access to mobile devices that are managed by the MDM server.
Kill Chain
Risk Score
87
Mobile Device Management (MDM) software enables centralized management of mobile devices across an organization. Because MDM servers require employee devices to reach the server for updates, devices are at risk of attacks over the internet. An attacker exploits the MobileIron MDM vulnerability by accessing a web service management interface and then attacks a deserialization vulnerability in the Tomcat web service. To complete the first step of the attack, the attacker sends a specially-designed HTTP POST request to the management interface. This request enables an attacker to bypass controls that protect the MobileIron management interface. After an attacker accesses the management interface, they can exploit the deserialization vulnerability in the MDM software and target all mobile devices that are managed by the MDM server.
Quarantine the device while checking for indicators of compromise
Apply system updates regularly to reduce the number of vulnerabilities that can be exploited
Review access controls to ensure that only authorized users can connect to required services and protocols
