Get in Touch
Remote Code Execution Vulnerability Mitigation for MobileIron Products
On 17th January 2022, Ivanti updated its advisory related to CVE-2021-44228 vulnerability affecting some of its products. This CVE affects the Java logging library log4j which means all products using this library are vulnerable to Unauthenticated Remote Code Execution (RCE).
Remote code execution attacks allow an attacker to remotely execute malicious code on a computer. The impact of an RCE vulnerability can range from malware execution to an attacker gaining full control over the device.
Product: Avalanche Affected Versions: 6.3.0, 6.3.1, 6.3.2, and 6.3.3 Mitigations: Available 
Product: Ivanti File Director Versions: 2020.3, 2021.1, 2021.3 Mitigations: Available 
Product: MobileIron Mitigations: Available 
Containment, Mitigations & Remediation
- Ivanti and CERT-EU is urging users to apply mitigations or fixes mentioned in the Products Affected section.
- Organisations are to review Ivanti Security Bulletin included in the Further information section. Apply the required mitigation included in the bulletin . A table with instructions is provided for each product affected
- Please note that these mitigating steps remove vulnerable Java class JNDILookUp.class from the Log4J library used in MobileIron systems
- This should not affect MobileIron system or logging functionality.
Indicators of Compromise
No active exploitation at this time.
For more information on Log4Shell itself, please visit our article: Log4j (Log4Shell), a Global Pandemic for Computers | Quorum Cyber
[T1190] – Exploit Public-Facing Application
[T1210] – Exploitation of Remote Services
 Security Bulletin:CVE-2021-44228: MobileIron Remote code injection in Log4j (ivanti.com)
Ivanti Releases Critical Mitigations for MobileIron Products to Address Log4Shell Vulnerability – NHS Digital