.. / CVE-2020-15505

Exploit for MobileIron Core & Connector <= v10.6 & Sentry <= v9.8 - Remote Code Execution (CVE-2020-15505)

Description:

A remote code execution vulnerability in MobileIron Core & Connector versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0; and Sentry versions 9.7.2 and earlier, and 9.8.0; and Monitor and Reporting Database (RDB) version 2.0.0.1 and earlier contain a vulnerability that allows remote attackers to execute arbitrary code via unspecified vectors.

Nuclei Template

View the template here CVE-2020-15505.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2020/CVE-2020-15505.yaml

References:

https://github.com/iamnoooob/CVE-Reverse/blob/master/CVE-2020-15505/hessian.py#L10
https://nvd.nist.gov/vuln/detail/CVE-2020-15505
https://blog.orange.tw/2020/09/how-i-hacked-facebook-again-mobileiron-mdm-rce.html
https://github.com/orangetw/JNDI-Injection-Bypass
https://github.com/iamnoooob/CVE-Reverse/tree/master/CVE-2020-15505

.. / CVE-2020-15505 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for MobileIron Core & Connector <= v10.6 & Sentry <= v9.8 - Remote Code Execution (CVE-2020-15505)

Description:

Nuclei Template

Validate with Nuclei

.. / CVE-2020-15505