CVE-2021-3198

Severity CVSS v4.0:
Pending analysis
Type:
CWE-78 OS Command Injections
Publication date:
22/07/2021
Last modified:
02/08/2021

Description

By abusing the 'install rpm url' command, an attacker can escape the restricted clish shell on affected versions of Ivanti MobileIron Core. This issue was fixed in version 11.1.0.0.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:ivanti:mobileiron:*:*:*:*:*:*:*:* 10.7.0.1-9 (including)
cpe:2.3:a:ivanti:mobileiron:*:*:*:*:*:*:*:* 11.0.0.0 (including) 11.1.0.0 (excluding)