Emergency Incident ResponseReport a Confirmed or Potential Breach? Call +1 770-870-6343
0 Results Found
              Back To Results
                Advisories

                Vulnerability in ShoreTel Conferencing Platform

                Security Advisory SCWX-2018-001

                Summary:

                A vulnerability in the ShoreTel platform (CVE-2018-12901) could allow an attacker to create a specially crafted URL that gives them the ability to execute arbitrary code in a victim’s browser if the victim clicks the link. This issue was discovered by Harrison Coale of Secureworks® during a penetration test against a client. The severity of these issue is medium, as exploitation requires little effort on the part of the attacker and the systems are readily found by searching indexed public systems on Google. ShoreTel platform versions prior to and including 19.49.8600.0 may be vulnerable to cross-site scripting.

                Download the PDF: Secureworks Security Advisory 2018-001

                PGP Signature



                Related Content