CVE-2016-6562

ShoreTel Mobility Client for iOS and Android, version 9.1.3.109 and earlier, fails to properly validate SSL certificates provided by HTTPS connections

EPSS 0.4%CWE-295

Vexday Risk Score

3Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS —EPSS 0.4%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

13 jul 2018Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

On iOS and Android devices, the ShoreTel Mobility Client app version 9.1.3.109 fails to properly validate SSL certificates provided by HTTPS connections, which means that an attacker in the position to perform MITM attacks may be able to obtain sensitive account information such as login credentials.

Productos afectados

ShoreTel · Mobility Client Andoid ShoreTel · Mobility Client iOS

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://www.info-sec.ca/advisories/ShoreTel-Mobility.html https://www.kb.cert.org/vuls/id/475907 https://www.securityfocus.com/bid/95224