CVE-2016-6562

On iOS and Android devices, the ShoreTel Mobility Client app version 9.1.3.109 fails to properly validate SSL certificates provided by HTTPS connections, which means that an attacker in the position to perform MITM attacks may be able to obtain sensitive account information such as login credentials.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
ADJACENT_NETWORK
HIGH
NONE
CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
certccCNA
---
---
CVEADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 36%
Common Weakness Enumeration
References
https://www.info-sec.ca/advisories/ShoreTel-Mobility.html
https://www.kb.cert.org/vuls/id/475907
https://www.securityfocus.com/bid/95224
https://www.info-sec.ca/advisories/ShoreTel-Mobility.html
https://www.kb.cert.org/vuls/id/475907
https://www.securityfocus.com/bid/95224