Skip to main content
0 Results Found
              Back To Results

                Vulnerability in ShoreTel Conferencing Platform

                Security Advisory SCWX-2018-001


                A vulnerability in the ShoreTel platform (CVE-2018-12901) could allow an attacker to create a specially crafted URL that gives them the ability to execute arbitrary code in a victim’s browser if the victim clicks the link. This issue was discovered by Harrison Coale of Secureworks® during a penetration test against a client. The severity of these issue is medium, as exploitation requires little effort on the part of the attacker and the systems are readily found by searching indexed public systems on Google. ShoreTel platform versions prior to and including 19.49.8600.0 may be vulnerable to cross-site scripting.

                Download the PDF: Secureworks Security Advisory 2018-001

                PGP Signature

                Related Content

                Close Modal
                Close Modal