CVE-2020-10211
CRITICALMitel MiVoice Connect < 22.11.4900.0 - Unauthenticated Remote Code Execution via UCB URL Parameter
Title source: llmDescription
A remote code execution vulnerability in UCB component of Mitel MiVoice Connect before 19.1 SP1 could allow an unauthenticated remote attacker to execute arbitrary scripts due to insufficient validation of URL parameters. A successful exploit could allow an attacker to gain access to sensitive information.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_misc
https://www.mitel.com/support/security-advisories
Vendor Advisory x_refsource_confirm
https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-20-0004
Scores
CVSS v3
9.8
EPSS
0.0297
EPSS Percentile
85.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-20
Status
published
Products (1)
mitel/mivoice_connect
< 22.11.4900.0
Published
Apr 17, 2020
Tracked Since
Feb 18, 2026