CVE-2016-6562

Published on: 07/13/2018 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:27:11 PM UTC

CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Certain versions of ShoreTel Mobility Client from Mitel contain the following vulnerability:

On iOS and Android devices, the ShoreTel Mobility Client app version 9.1.3.109 fails to properly validate SSL certificates provided by HTTPS connections, which means that an attacker in the position to perform MITM attacks may be able to obtain sensitive account information such as login credentials.

  • CVE-2016-6562 has been assigned by [email protected] to track the vulnerability - currently rated as HIGH severity.
  • Affected Vendor/Software: ShoreTel - Mobility Client iOS version 9.1.3.109
  • Affected Vendor/Software: ShoreTel - Mobility Client Android version 9.1.3.109

CVSS3 Score: 7.5 - HIGH

  • Attack Vector: ADJACENT_NETWORK
  • Attack Complexity: HIGH
  • Privileges Required: NONE
  • User Interaction: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

CVSS2 Score: 2.9 - LOW

  • Access Vector: ADJACENT_NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: NONE
  • Availability Impact: NONE

CVE References

  • Description: Shoretel Mobility Client CVE-2016-6562 SSL Certificate Validation Security Bypass Vulnerability
    Tags: Third Party Advisory, VDB Entry
    Link: cve.report (archive), text/html, BID 95224
  • Description: Vulnerability Note VU#475907 - Shoretel Mobility Client iOS application does not verify SSL certificates
    Tags: Third Party Advisory, US Government Resource
    Link: www.kb.cert.org, text/html, CERT-VN VU#475907
  • Description: ShoreTel Mobility Client iOS Application - MITM SSL Certificate Vulnerability (CVE-2016-6562) - Info-Sec.CA
    Tags: Third Party Advisory
    Link: www.info-sec.ca, text/html, MISC www.info-sec.ca/advisories/ShoreTel-Mobility.html

Known Affected Configurations (CPE V2.3)

Type | Vendor | Product | Version | Update | Edition | Language
Application | Mitel | Shortel Mobility Client | 9.1.3.109 | All | All | All
  • cpe:2.3:a:mitel:shortel_mobility_client:9.1.3.109:*:*:*:*:android:*:*:
  • cpe:2.3:a:mitel:shortel_mobility_client:9.1.3.109:*:*:*:*:iphone_os:*:*: