Report a Confirmed or Potential Breach? Call   +1 770-870-6343
0 Results Found
            Back To Results
              Login
              Advisories

              Vulnerability in ShoreTel Conferencing Platform

              Security Advisory SCWX-2018-001

              Summary:

              A vulnerability in the ShoreTel platform (CVE-2018-12901) could allow an attacker to create a specially crafted URL that gives them the ability to execute arbitrary code in a victim’s browser if the victim clicks the link. This issue was discovered by Harrison Coale of Secureworks® during a penetration test against a client. The severity of these issue is medium, as exploitation requires little effort on the part of the attacker and the systems are readily found by searching indexed public systems on Google. ShoreTel platform versions prior to and including 19.49.8600.0 may be vulnerable to cross-site scripting.

              Download the PDF: Secureworks Security Advisory 2018-001

              PGP Signature



              Related Content