CVE-2016-6562
ShoreTel Mobility Client for iOS and Android, version 9.1.3.109 and earlier, fails to properly validate SSL certificates provided by HTTPS connections
Severity Score
7.5
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
On iOS and Android devices, the ShoreTel Mobility Client app version 9.1.3.109 fails to properly validate SSL certificates provided by HTTPS connections, which means that an attacker in the position to perform MITM attacks may be able to obtain sensitive account information such as login credentials.
En dispositivos iOS y Android, la aplicación ShoreTel Mobility Client 9.1.3.109 no valida correctamente los certificados SSL proporcionados por las conexiones HTTPS; esto significa que un atacante en posición de realizar ataques Man-in-the-Middle (MitM) podría ser capaz de obtener información sensible de la cuenta, como credenciales de inicio de sesión.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2016-08-03 CVE Reserved
- 2017-01-04 CVE Published
- 2023-08-11 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-295: Improper Certificate Validation
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| https://www.info-sec.ca/advisories/ShoreTel-Mobility.html | Third Party Advisory | |
| https://www.kb.cert.org/vuls/id/475907 | Third Party Advisory |
|
| https://www.securityfocus.com/bid/95224 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Mitel Search vendor "Mitel" | Shortel Mobility Client Search vendor "Mitel" for product "Shortel Mobility Client" | 9.1.3.109 Search vendor "Mitel" for product "Shortel Mobility Client" and version "9.1.3.109" | android |
Affected
| ||||||
| Mitel Search vendor "Mitel" | Shortel Mobility Client Search vendor "Mitel" for product "Shortel Mobility Client" | 9.1.3.109 Search vendor "Mitel" for product "Shortel Mobility Client" and version "9.1.3.109" | iphone_os |
Affected
| ||||||