NCC Group, a cybersecurity firm, is advising users of MobileIron products to patch their systems after it observed exploitation of the Log4j vulnerability. According to NCC Group experts, there have been five cases of active exploitation of Log4Shell in MobileIron in their customer base, and the global extent of the exposure appears substantial.
“We have seen 5 instances in our client base of active exploitation of Mobile Iron during the course of yesterday and today. The scale of the exposure globally appears significant. We recommend all Mobile Iron users update immediately,” the alert reads.
In a blog post updated on Wednesday, the company posted a snapshot of a Shodan search showing 4,642 instances worldwide. NCC Group Global CTO Ollie Whitehouse noted that Shodan isn’t real-time, although there has been a modest decline in total systems since yesterday.
According to Ivanti, which bought MobileIron in December 2020, customers using MobileIron were supplied with mitigation procedures and assistance this weekend. Following an assessment of the company's products, Ivanti VP of security Daniel Spicer said that the Log4j vulnerability affects all versions of MobileIron Core, Core Connector, MobileIron Sentry, and Reporting Database (RDB). The problem does not affect those who use the MobileIron Cloud.
Ivanti issued an alert stating that the risk associated with CVE-2021-44228 is significant because these products are located in the DMZ and the CVE exposes them to a remote code execution (RCE) attack. Ivanti explained that the mitigation instructions include removing a vulnerable Java class (JndiLookup.class) from the affected Log4j Java library, which eliminates the ability to carry out the RCE attack.
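One way to verify that this mitigation took effect is to check whether any archive still contains the class. The following is an added example, not Ivanti's or NCC Group's tooling: it assumes the class sits at its standard path inside log4j-core, and since this page does not give the appliance's jar locations, it accepts any archive and uses constructed in-memory samples.

```python
import io
import zipfile

# Standard path of the lookup class inside log4j-core; the mitigation deletes this entry.
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
ARCHIVE_EXTS = (".jar", ".war", ".ear", ".zip")


def find_jndi_lookup(data, label="archive", depth=0, max_depth=4):
    """Return locations of JndiLookup.class in an archive, including nested archives."""
    hits = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return hits  # not a readable archive, nothing to report
    with zf:
        for info in zf.infolist():
            name = info.filename
            if name == JNDI_CLASS or name.endswith("/" + JNDI_CLASS):
                hits.append(f"{label}!{name}")
            elif name.lower().endswith(ARCHIVE_EXTS) and depth < max_depth:
                # Fat jars and WARs bundle log4j-core inside, so recurse (bounded depth).
                hits += find_jndi_lookup(zf.read(info), f"{label}!{name}", depth + 1, max_depth)
    return hits


def scan_file(path):
    """Scan one archive on disk; the path is supplied by the operator."""
    with open(path, "rb") as fh:
        return find_jndi_lookup(fh.read(), label=path)


def _make_jar(entries):
    """Build a constructed in-memory archive from {name: bytes} for the demo."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed samples: an unmitigated jar, a mitigated one, and a WAR wrapping the first.
UNMITIGATED = _make_jar({JNDI_CLASS: b"\xca\xfe\xba\xbe", "META-INF/MANIFEST.MF": b""})
MITIGATED = _make_jar({"org/apache/logging/log4j/core/Logger.class": b"\xca\xfe\xba\xbe"})
WAR = _make_jar({"WEB-INF/lib/log4j-core.jar": UNMITIGATED})

if __name__ == "__main__":
    for label, blob in (("unmitigated.jar", UNMITIGATED), ("mitigated.jar", MITIGATED), ("app.war", WAR)):
        print(label, find_jndi_lookup(blob, label) or "JndiLookup.class not present")
```

A clean result only shows the class is absent at its standard path; copies relocated under a shaded package name would need a separate search.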
In December 2020, the UK’s National Cyber Security Centre (NCSC) published an advisory warning that several state-backed hackers and criminal groups were exploiting a weakness in MobileIron’s MDM software. Hackers have previously attacked the company’s MDM servers because of other flaws.