MobileIron Remote Code Execution via LogService

Description

MobileIron Core, Connector, Sentry, and Monitor/Reporting Database (RDB) contain a remote code execution vulnerability in the LogService component. Affected versions include Core & Connector 10.3.0.3 and earlier, 10.4.0.0-10.4.0.3, 10.5.1.0, 10.5.2.0, and 10.6.0.0; Sentry 9.7.2 and earlier, and 9.8.0; and RDB 2.0.0.1 and earlier. This vulnerability allows unauthenticated remote attackers to execute arbitrary operating system commands on the server through improper input validation in the LogService interface.

Remediation

Immediately upgrade all affected MobileIron components to patched versions: Core & Connector to version 10.6.0.1 or later, Sentry to version 9.8.0.1 or later, and Monitor/RDB to version 2.0.0.2 or later. Follow these steps:
1. Review MobileIron's official security advisory for your specific product version and deployment architecture
2. Schedule maintenance windows to minimize disruption to mobile device management services
3. Back up all configurations and data before applying updates
4. Apply the security patches following MobileIron's upgrade procedures for your environment
5. After patching, review system logs for any suspicious LogService activity or unauthorized access attempts that may indicate prior exploitation
6. If immediate patching is not possible, implement network-level access controls to restrict LogService access to trusted IP addresses only as a temporary mitigation
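
An added example (not part of the original advisory or any MobileIron tooling): a Python helper that triages a component inventory against the affected and fixed versions listed above. The host names and inventory rows are constructed, and a version that is below the fixed release but not explicitly listed as affected is reported as "review" rather than guessed.

```python
# Added example: triage an inventory against the affected/fixed versions
# listed in this advisory. Host names and inventory rows are constructed.

def parse(version):
    """'9.8.0' -> (9, 8, 0, 0): numeric tuple padded to four components."""
    parts = [int(p) for p in version.strip().split(".")]
    return tuple(parts + [0] * (4 - len(parts)))

# Inclusive (low, high) affected ranges and first fixed version, per the advisory.
CORE = {
    "affected": [("0", "10.3.0.3"), ("10.4.0.0", "10.4.0.3"),
                 ("10.5.1.0", "10.5.1.0"), ("10.5.2.0", "10.5.2.0"),
                 ("10.6.0.0", "10.6.0.0")],
    "fixed": "10.6.0.1",
}
ADVISORY = {
    "core": CORE,
    "connector": CORE,  # Core and Connector share one version list
    "sentry": {"affected": [("0", "9.7.2"), ("9.8.0", "9.8.0")], "fixed": "9.8.0.1"},
    "rdb": {"affected": [("0", "2.0.0.1")], "fixed": "2.0.0.2"},
}

def classify(component, version):
    """Return 'patched', 'affected' or 'review' for one installed component."""
    entry = ADVISORY.get(component.strip().lower())
    try:
        v = parse(version)
    except ValueError:
        return "review"  # non-numeric version string: check by hand
    if entry is None:
        return "review"  # component not covered by this advisory
    if v >= parse(entry["fixed"]):
        return "patched"
    for low, high in entry["affected"]:
        if parse(low) <= v <= parse(high):
            return "affected"
    return "review"  # below the fixed release but not listed as affected

# Constructed sample inventory: (host, component, installed version).
INVENTORY = [
    ("mdm-core-01", "Core", "10.6.0.0"),
    ("mdm-core-02", "Core", "10.5.0.0"),
    ("mdm-sentry-01", "Sentry", "9.8.0.1"),
    ("mdm-rdb-01", "RDB", "2.0.0.1"),
]

def triage(inventory):
    """Map each host to its classification."""
    return {host: classify(comp, ver) for host, comp, ver in inventory}
```

Hosts marked "review" should be checked against the vendor advisory before being treated as safe.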