CVE-2020-10211

CRITICAL

Mitel MiVoice Connect < 22.11.4900.0 - Unauthenticated Remote Code Execution via UCB URL Parameter

Title source: llm
STIX 2.1

Description

A remote code execution vulnerability in UCB component of Mitel MiVoice Connect before 19.1 SP1 could allow an unauthenticated remote attacker to execute arbitrary scripts due to insufficient validation of URL parameters. A successful exploit could allow an attacker to gain access to sensitive information.

References (2)

Core 2

Scores

CVSS v3 9.8
EPSS 0.0297
EPSS Percentile 85.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-20
Status published
Products (1)
mitel/mivoice_connect < 22.11.4900.0
Published Apr 17, 2020
Tracked Since Feb 18, 2026