CVE-2021-3540
6.5 MEDIUM
By abusing the 'install rpm info detail' command, an attacker can escape the restricted clish shell on affected versions of Ivanti Mobile...
Published: 2021-07-22 · Last updated: 2026-06-17
Severity and scoring
- CVSS: 6.5 MEDIUM
- Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
- CWE: CWE-88
Affected products
| Vendor | Product |
|---|---|
| ivanti | mobileiron |
Description
By abusing the 'install rpm info detail' command, an attacker can escape the restricted clish shell on affected versions of Ivanti MobileIron Core. This issue was fixed in version 11.1.0.0.
Source: NVD
References
- [NVD](https://nvd.nist.gov/vuln/detail/CVE-2021-3540)
- [Exploit reference](https://www.rapid7.com/blog/post/2021/06/02/untitled-cve-2021-3198-and-cve-2021-3540-mobileiron-shell-escape-privilege-escalation-vulnerabilities/)
Related CVEs
Same vendor
- CVE-2026-10520 — An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated u... (10.0 CRITICAL)
- CVE-2026-6973 — An Improper Input Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remotely authenticated user with ad... (7.2 HIGH)
- CVE-2024-7593 — Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticate... (9.8 CRITICAL)
- CVE-2021-3198 — By abusing the 'install rpm url' command, an attacker can escape the restricted clish shell on affected versions of Ivanti MobileIron Core (6.5 MEDIUM)
Same CWE
- CVE-2026-47365 — Argument injection vulnerability in WordPress Toolkit before 6.11.0 as used in cPanel & WHM, allows remote authenticated users to bypass ... (9.9 CRITICAL)
- CVE-2026-47250 — mcp-server-kubernetes is a Model Context Protocol server for Kubernetes cluster management (6.1 MEDIUM)
- CVE-2026-46529 — Atril Document Viewer is the default document reader of the MATE desktop environment for Linux
- CVE-2026-53694 — Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Nomachine allows Argument Injection. T...
- CVE-2026-52750 — Ghidra before 12.1 contains a command injection vulnerability in URL annotation handling on Windows where cmd.exe metacharacters are not ... (7.8 HIGH)