CVE-2016-6562

ShoreTel Mobility Client for iOS and Android, version 9.1.3.109 and earlier, fails to properly validate SSL certificates provided by HTTPS connections

EPSS 0.4%CWE-295

Vexday Risk Score

3Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS —EPSS 0.4%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

13 jul 2018Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

On iOS and Android devices, the ShoreTel Mobility Client app version 9.1.3.109 fails to properly validate SSL certificates provided by HTTPS connections, which means that an attacker in the position to perform MITM attacks may be able to obtain sensitive account information such as login credentials.

Produtos afetados

ShoreTel · Mobility Client Andoid ShoreTel · Mobility Client iOS

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://www.info-sec.ca/advisories/ShoreTel-Mobility.html https://www.kb.cert.org/vuls/id/475907 https://www.securityfocus.com/bid/95224