MobileIron Log4Shell RCE - Vulnerability Database

MobileIron Log4Shell RCE

Description

MobileIron is affected by the Log4Shell vulnerability (CVE-2021-44228), a critical remote code execution flaw in the Apache Log4j logging library. This vulnerability allows attackers to execute arbitrary code by sending specially crafted input that triggers malicious JNDI lookups. Because MobileIron uses a vulnerable version of Log4j, unauthenticated attackers can exploit this weakness to compromise the server.

Remediation

Apply the vendor-provided security patches immediately by following these steps:

1. Review the Ivanti security bulletin (CVE-2021-44228) to identify the patched version for your MobileIron product
2. Download the appropriate security update from the Ivanti support portal
3. Schedule a maintenance window and create a backup of your MobileIron server before applying updates
4. Install the latest patched version according to Ivanti's upgrade documentation
5. Verify the Log4j library version has been updated to 2.17.0 or later (for Log4j 2.x) after the upgrade
6. Monitor system logs for any suspicious activity or indicators of prior exploitation

As a temporary mitigation if immediate patching is not possible, consider setting the JVM parameter -Dlog4j2.formatMsgNoLookups=true or removing the JndiLookup class from the Log4j JAR file, though upgrading remains the recommended solution.
