CVE-2016-6562
N/A
N/A
Summary
On iOS and Android devices, the ShoreTel Mobility Client app version 9.1.3.109 fails to properly validate SSL certificates provided by HTTPS connections, which means that an attacker in the position to perform MITM attacks may be able to obtain sensitive account information such as login credentials.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| ShoreTel | Mobility Client iOS | 9.1.3.109 <= 9.1.3.109 | affected |
| ShoreTel | Mobility Client Andoid | 9.1.3.109 <= 9.1.3.109 | affected |
Weaknesses
- CWE-295: CWE-295
ADP Enrichment
CVE Program Container
Additional References
- https://www.info-sec.ca/advisories/ShoreTel-Mobility.html
- https://www.kb.cert.org/vuls/id/475907
- https://www.securityfocus.com/bid/95224
References
- https://www.info-sec.ca/advisories/ShoreTel-Mobility.html
- https://www.kb.cert.org/vuls/id/475907
- https://www.securityfocus.com/bid/95224
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.