Description
On iOS and Android devices, the ShoreTel Mobility Client app version 9.1.3.109 fails to properly validate SSL certificates presented on HTTPS connections, so an attacker in a position to perform man-in-the-middle (MITM) attacks may be able to obtain sensitive account information such as login credentials.
References (3)
Core References
https://www.info-sec.ca/advisories/ShoreTel-Mobility.html (Third Party Advisory; x_refsource_misc)
https://www.kb.cert.org/vuls/id/475907 (Third Party Advisory, US Government Resource; third-party-advisory; x_refsource_cert-vn)
https://www.securityfocus.com/bid/95224 (Third Party Advisory, VDB Entry; vdb-entry; x_refsource_bid)
Scores
CVSS v3: 7.5
EPSS: 0.0044
EPSS Percentile: 34.8%
Attack Vector: ADJACENT_NETWORK
CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-295
Status: published
Products (1): mitel/shortel_mobility_client 9.1.3.109 (2 CPE variants)
Published: Jul 13, 2018
Tracked Since: Feb 18, 2026