CVE-2021-3540

CVE Database · CVE-2021-3540

CVE-2021-3540

· MEDIUMModified

CVSS v3.1

6.5

EPSS

3.31%

Published

Jul 22, 2021

Modified

Nov 21, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

By abusing the 'install rpm info detail' command, an attacker can escape the restricted clish shell on affected versions of Ivanti MobileIron Core. This issue was fixed in version 11.1.0.0.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

Weaknesses (CWE)

CWE-88CWE-88

Affected Products (2)

ivanti · mobileironvulnerable

ivanti · mobileiron (up to 11.1.0.0)vulnerable

References (2)

https://www.rapid7.com/blog/post/2021/06/02/untitled-cve-2021-3198-and-cve-2021-3540-mobileiron-shell-escape-privilege-escalation-vulnerabilities/

ExploitThird Party Advisory

https://www.rapid7.com/blog/post/2021/06/02/untitled-cve-2021-3198-and-cve-2021-3540-mobileiron-shell-escape-privilege-escalation-vulnerabilities/

ExploitThird Party Advisory

KEV Catalog EPSS Scores Vendors All CVEs