CVE-2016-6562 Information

Description

On iOS and Android devices the ShoreTel Mobility Client app version 9.1.3.109 fails to properly validate SSL certificates provided by HTTPS connections which means that an attacker in the position to perform MITM attacks may be able to obtain sensitive account information such as login credentials.

CVSS Vector

CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference

https://www.info-sec.ca/advisories/ShoreTel-Mobility.html https://www.kb.cert.org/vuls/id/475907 https://www.securityfocus.com/bid/95224

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

7.5