← back
CVE-2021-3198

Ivanti MobileIron Core clish Restricted Shell Escape via OS Command Injection

CVSS 6.5 MEDIUMEPSS 3.3%CWE-78
By abusing the 'install rpm url' command, an attacker can escape the restricted clish shell on affected versions of Ivanti MobileIron Core. This issue was fixed in version 11.1.0.0.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Affected products
Ivanti · MobileIron Core

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.rapid7.com/blog/post/2021/06/02/untitled-cve-2021-3198-and-cve-2021-3540-mobileiron-shell-escape-privilege-escalation-vulnerabilities/