CVE-2021-3540: Ivanti MobileIron Core clish Restricted Shell Escape via Argument Injection
First published: Thu Jul 22 2021(Updated: )
By abusing the 'install rpm info detail' command, an attacker can escape the restricted clish shell on affected versions of Ivanti MobileIron Core. This issue was fixed in version 11.1.0.0.
Credit: cve@rapid7.con
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ivanti MobileIron | <=10.7.0.1-9 | |
| Ivanti MobileIron | >=11.0.0.0<11.1.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2021-3540?
CVE-2021-3540 is a high severity vulnerability due to the potential for privilege escalation.
How do I fix CVE-2021-3540?
To fix CVE-2021-3540, upgrade Ivanti MobileIron to version 11.1.0.0 or later.
Which versions of Ivanti MobileIron are affected by CVE-2021-3540?
Versions up to 10.7.0.1-9 and versions from 11.0.0.0 to below 11.1.0.0 are affected by CVE-2021-3540.
What type of vulnerability is CVE-2021-3540?
CVE-2021-3540 is classified as a privilege escalation vulnerability.
What can an attacker achieve by exploiting CVE-2021-3540?
An attacker exploiting CVE-2021-3540 can escape the restricted clish shell, potentially gaining unauthorized access.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- agent/author
- agent/references
- agent/title
- agent/weakness
- agent/severity
- agent/description
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- vendor/ivanti
- canonical/ivanti mobileiron
- version/ivanti mobileiron/10.7.0.1-9
- version/ivanti mobileiron/11.0.0.0