Vulnerability CVE-2016-6562


Published: 2018-07-13

Description:
On iOS and Android devices, the ShoreTel Mobility Client app version 9.1.3.109 fails to properly validate SSL certificates provided by HTTPS connections, which means that an attacker in the position to perform MITM attacks may be able to obtain sensitive account information such as login credentials.

See advisories in our WLB2 database:
Risk: Med.
Topic: ShoreTel Mobility Client iOS 9.1.2.101 SSL Man-In-The-Middle
Author: David Coomber
Date: 05.01.2017

Type: CWE-295 (Certificate Issues)

CVSS2 => (AV:A/AC:M/Au:N/C:P/I:N/A:N)

CVSS Base Score: 2.9/10
Impact Subscore: 2.9/10
Exploitability Subscore: 5.5/10

Exploit range: Adjacent network
Attack complexity: Medium
Authentication: Not required

Confidentiality impact: Partial
Integrity impact: None
Availability impact: None

Affected software:
Mitel -> ShoreTel Mobility Client

References:
https://www.info-sec.ca/advisories/ShoreTel-Mobility.html
https://www.kb.cert.org/vuls/id/475907
https://www.securityfocus.com/bid/95224
