Remote Code Execution Vulnerability Mitigation for MobileIron Products

Overview

On 17th January 2022, Ivanti updated its advisory on the CVE-2021-44228 vulnerability affecting some of its products. This CVE affects the Java logging library Log4j, which means all products using this library are vulnerable to unauthenticated Remote Code Execution (RCE).

Impact

Remote code execution attacks allow an attacker to remotely execute malicious code on a computer. The impact of an RCE vulnerability can range from malware execution to an attacker gaining full control over the device.

Products Affected

Product: Avalanche | Affected Versions: 6.3.0, 6.3.1, 6.3.2, and 6.3.3 | Mitigations: Available [3]
Product: Ivanti File Director | Affected Versions: 2020.3, 2021.1, 2021.3 | Mitigations: Available [4]
Product: MobileIron | Mitigations: Available [5]

Containment, Mitigations & Remediation

  • Ivanti and CERT-EU are urging users to apply the mitigations or fixes referenced in the Products Affected section.
  • Organisations should review the Ivanti Security Bulletin listed in the Further Information section and apply the required mitigation included in the bulletin [1]. A table with instructions is provided for each affected product.
  • Please note that these mitigating steps remove the vulnerable Java class JndiLookup.class from the Log4j library used in MobileIron systems.
  • This should not affect MobileIron system or logging functionality.
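
One way to verify that the class removal described above has taken effect, as an added example that is not part of the original advisory or of Ivanti's instructions: the check looks for JndiLookup.class inside an archive and inside any archives nested in it. The sample archives and their file names are constructed for illustration, and the function names are this example's own.

```python
import io
import zipfile

# Class the mitigation removes, at its path inside log4j-core.
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
ARCHIVES = (".jar", ".war", ".ear", ".zip")


def find_jndi_lookup(data, label, depth=0, max_depth=4):
    """Return every location where JndiLookup.class is still present."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return []  # not a readable archive, nothing to report
    hits = []
    with zf:
        for name in zf.namelist():
            if name.endswith(JNDI_CLASS):
                hits.append(f"{label}!/{name}")
            elif name.lower().endswith(ARCHIVES) and depth < max_depth:
                # Application servers bundle log4j-core inside WAR/EAR files.
                hits += find_jndi_lookup(zf.read(name), f"{label}!/{name}",
                                         depth + 1, max_depth)
    return hits


def scan_file(path):
    """Scan one archive on disk (path supplied by the operator)."""
    with open(path, "rb") as fh:
        return find_jndi_lookup(fh.read(), path)


def build_archive(entries):
    """Build an in-memory archive from {name: bytes}; used for sample data."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed samples: file names and contents are placeholders, not real jars.
UNPATCHED = build_archive({JNDI_CLASS: b"stub", "META-INF/MANIFEST.MF": b""})
MITIGATED = build_archive({"META-INF/MANIFEST.MF": b""})
WRAPPED = build_archive({"WEB-INF/lib/log4j-core-sample.jar": UNPATCHED})

if __name__ == "__main__":
    for label, blob in [("unpatched.jar", UNPATCHED),
                        ("mitigated.jar", MITIGATED), ("app.war", WRAPPED)]:
        hits = find_jndi_lookup(blob, label)
        print(label, "STILL PRESENT" if hits else "class removed", hits)
```

An empty result for every archive on a system means the class is no longer packaged there; any hit names the exact nested location that still needs the mitigation.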

Indicators of Compromise

No active exploitation at this time.

Threat Landscape

For more information on Log4Shell itself, please visit our article: Log4j (Log4Shell), a Global Pandemic for Computers | Quorum Cyber

[T1190] – Exploit Public-Facing Application
[T1210] – Exploitation of Remote Services

Further Information

[1] Security Bulletin: CVE-2021-44228: MobileIron Remote code injection in Log4j (ivanti.com)
[2] https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping
[3] https://forums.ivanti.com/s/article/CVE-2021-44228-Avalanche-Remote-code-injection-Log4j
[4] https://forums.ivanti.com/s/article/Apache-Log4j-Zero-Day-Vulnerability-and-Ivanti-File-Director-CVE-2021-44228
[5] https://media.cert.europa.eu/static/SecurityAdvisories/2021/CERT-EU-SA2021-070.pdf

Ivanti Releases Critical Mitigations for MobileIron Products to Address Log4Shell Vulnerability – NHS Digital