CVE-2021-3198

Summary

By abusing the 'install rpm url' command, an attacker can escape the restricted clish shell on affected versions of Ivanti MobileIron Core. This issue was fixed in version 11.1.0.0.

Affected Software

VendorProductVersion RangeStatus
IvantiMobileIron Core10.7.0.1-9 <= 10.7.0.1-9affected
IvantiMobileIron Core11.0.0.1-3 <= 11.0.0.1-3affected

Weaknesses

  • CWE-78: CWE-78 OS Command Injection

ADP Enrichment

CVE Program Container

Additional References

References