Vulnerability Details : CVE-2016-6562
On iOS and Android devices, the ShoreTel Mobility Client app version 9.1.3.109 fails to properly validate SSL certificates provided by HTTPS connections, which means that an attacker in the position to perform MITM attacks may be able to obtain sensitive account information such as login credentials.
Products affected by CVE-2016-6562
- cpe:2.3:a:mitel:shortel_mobility_client:9.1.3.109:*:*:*:*:android:*:*
- cpe:2.3:a:mitel:shortel_mobility_client:9.1.3.109:*:*:*:*:iphone_os:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-6562
- EPSS score: 0.08% (probability of exploitation activity in the next 30 days)
- Percentile: ~31% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2016-6562
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
2.9 | LOW | AV:A/AC:M/Au:N/C:P/I:N/A:N | 5.5 | 2.9 | NIST | |
7.5 | HIGH | CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 1.6 | 5.9 | NIST | |
CWE ids for CVE-2016-6562
- The product does not validate, or incorrectly validates, a certificate. Assigned by:
  - cret@cert.org (Secondary)
  - nvd@nist.gov (Primary)
References for CVE-2016-6562
- https://www.kb.cert.org/vuls/id/475907
  VU#475907 - ShoreTel Mobility Client mobile application does not verify SSL certificates (Third Party Advisory; US Government Resource)
- https://www.securityfocus.com/bid/95224
  Shoretel Mobility Client CVE-2016-6562 SSL Certificate Validation Security Bypass Vulnerability (Third Party Advisory; VDB Entry)
- https://www.info-sec.ca/advisories/ShoreTel-Mobility.html
  (Third Party Advisory)