CVE-2020-11798

MEDIUM EXPLOITED NUCLEI

Mitel Micollab Audio, Web & Video Conferencing - Path Traversal

Title source: rule

Description

A Directory Traversal vulnerability in the web conference component of Mitel MiCollab AWV before 8.1.2.4 and 9.x before 9.1.3 could allow an attacker to access arbitrary files from restricted directories of the server via a crafted URL, due to insufficient access validation. A successful exploit could allow an attacker to access sensitive information from the restricted directories.

Exploits (1)

exploitdb WORKING POC
by Kahvi-0 · textwebappscgi
https://www.exploit-db.com/exploits/51308

Nuclei Templates (1)

Mitel MiCollab AWV 8.1.2.4 and 9.1.3 - Directory Traversal
MEDIUMVERIFIEDby ritikchaddha
Shodan: html:"Mitel" html:"MiCollab" || http.html:"mitel" html:"micollab"
FOFA: body="mitel" html:"micollab"

References (3)

Scores

CVSS v3 5.3
EPSS 0.7811
EPSS Percentile 99.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

VulnCheck KEV 2024-01-22
CWE
CWE-22
Status published
Products (1)
mitel/micollab_audio\,_web_\&_video_conferencing < 8.1.2.4
Published Jun 10, 2020
Tracked Since Feb 18, 2026