CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 1CVE-2021-3540 – Ivanti MobileIron Core clish Restricted Shell Escape via Argument Injection
https://notcve.org/view.php?id=CVE-2021-3540
By abusing the 'install rpm info detail' command, an attacker can escape the restricted clish shell on affected versions of Ivanti MobileIron Core. This issue was fixed in version 11.1.0.0. Al abusar del comando "install rpm info detail", un atacante puede escapar del shell clish restringido en las versiones afectadas de Ivanti MobileIron Core. Este problema fue corrregido en versión 11.1.0.0 • https://www.rapid7.com/blog/post/2021/06/02/untitled-cve-2021-3198-and-cve-2021-3540-mobileiron-shell-escape-privilege-escalation-vulnerabilities • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 1CVE-2021-3198 – Ivanti MobileIron Core clish Restricted Shell Escape via OS Command Injection
https://notcve.org/view.php?id=CVE-2021-3198
By abusing the 'install rpm url' command, an attacker can escape the restricted clish shell on affected versions of Ivanti MobileIron Core. This issue was fixed in version 11.1.0.0. Al abusar del comando "install rpm url", un atacante puede escapar del shell clish restringido en las versiones afectadas de Ivanti MobileIron Core. Este problema fue corregido en versión 11.1.0.0 • https://www.rapid7.com/blog/post/2021/06/02/untitled-cve-2021-3198-and-cve-2021-3540-mobileiron-shell-escape-privilege-escalation-vulnerabilities • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •