FYSA
Our partners at the Australian Cyber Security Centre (ACSC) released the
attached (TLP:AMBER) Advisory 2021-008: Active Exploitation of MobileIron
products. ACSC is aware of active exploitation of MobileIron products by
malicious cyber actors, associated with the Log4j library vulnerability.
Mitigations are available from the vendor, Ivanti.
CISA Recommendations:
* Review and apply configuration workarounds for impacted products found
here<https://urldefense.us/v3/__https:/forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US__;!!BClRuOV5cvtbuNI!ShK0JcgHBcA1zWReciZ-98XbZwii62_PK3UrLvIBukUfGoxopPCwSHDDlU4PLGEK7U4-8s0$>
* Apply new patches as soon as they become available
* Investigate your complete MobileIron Core solution for evidence of
compromise as a matter of priority (as previously detailed by the ACSC
here<https://urldefense.us/v3/__https:/www.cyber.gov.au/acsc/view-all-content/alerts/critical-remote-code-execution-vulnerability-found-log4j2-library__;!!BClRuOV5cvtbuNI!ShK0JcgHBcA1zWReciZ-98XbZwii62_PK3UrLvIBukUfGoxopPCwSHDDlU4PLGEKkNj6iKY$>)
We kindly request any incidents related to this product be reported to CISA at
https://us-cert.cisa.gov/report, ;
Central@xxxxxxxxxxxx<mailto:Central@xxxxxxxxxxxx>, or 888-282-0870.
Theresa A. Masse
Cyber Security Advisor, Region 10 (Oregon)
Cybersecurity and Infrastructure Security Agency
Department of Homeland Security
Phone: (503) 930-5671
Email: theresa.masse@xxxxxxxxxxxx<mailto:theresa.masse@xxxxxxxxxxxx>
[cid:image007.png@01D7F63B.D9CBBB70]