On iOS and Android devices, the ShoreTel Mobility Client app version 9.1.3.109 fails to properly validate SSL certificates provided by HTTPS connections, which means that an attacker in the position to perform MITM attacks may be able to obtain sensitive account information such as login credentials.
References
Link | Resource |
---|---|
https://www.info-sec.ca/advisories/ShoreTel-Mobility.html | Third Party Advisory |
https://www.kb.cert.org/vuls/id/475907 | Third Party Advisory US Government Resource |
https://www.securityfocus.com/bid/95224 | Third Party Advisory VDB Entry |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: certcc
Published: 2018-07-13T20:00:00
Updated: 2018-07-13T19:57:01
Reserved: 2016-08-03T00:00:00
Link: CVE-2016-6562
JSON object: View
NVD Information
Status : Modified
Published: 2018-07-13T20:29:00.957
Modified: 2019-10-09T23:19:16.143
Link: CVE-2016-6562
JSON object: View
Redhat Information
No data.
CWE