CVE-2020-11798

MEDIUM EXPLOITED NUCLEI

Mitel MiCollab AWV < 8.1.2.4 and 9.x < 9.1.3 - Path Traversal via Crafted URL

Title source: llm

Exploitation Summary

CVE-2020-11798 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including Kahvi-0. A Nuclei detection template is also available.

AI-analyzed exploit summary This exploit demonstrates a directory traversal vulnerability in Mitel MiCollab AWV, allowing an attacker to access arbitrary files via a crafted URL. The payload targets the `/etc/passwd` file, confirming the vulnerability's effectiveness.

Description

A Directory Traversal vulnerability in the web conference component of Mitel MiCollab AWV before 8.1.2.4 and 9.x before 9.1.3 could allow an attacker to access arbitrary files from restricted directories of the server via a crafted URL, due to insufficient access validation. A successful exploit could allow an attacker to access sensitive information from the restricted directories.

Exploits (1)

exploitdb WORKING POC

by Kahvi-0 · textwebappscgi

https://www.exploit-db.com/exploits/51308

View Code ZIP pw:eip

This exploit demonstrates a directory traversal vulnerability in Mitel MiCollab AWV, allowing an attacker to access arbitrary files via a crafted URL. The payload targets the `/etc/passwd` file, confirming the vulnerability's effectiveness.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Mitel MiCollab AWV before 8.1.2.4 and 9.x before 9.1.3

No auth needed

Prerequisites: Network access to the target server

MITRE ATT&CK

T1006 - Direct Volume Access

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

Mitel MiCollab AWV 8.1.2.4 and 9.1.3 - Directory Traversal

MEDIUMVERIFIEDby ritikchaddha

Shodan: html:"Mitel" html:"MiCollab" || http.html:"mitel" html:"micollab"

FOFA: body="mitel" html:"micollab"

References (3)

Core 3

Core References

Vendor Advisory

https://www.mitel.com/-/media/mitel/file/pdf/support/security-advisories/security-bulletin-20-0005-01.pdf

Vendor Advisory

https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-20-0005

Exploit, Third Party Advisory

http://packetstormsecurity.com/files/171751/Mitel-MiCollab-AWV-8.1.2.4-9.1.3-Directory-Traversal-LFI.html

Scores

CVSS v3 5.3

EPSS 0.4524

EPSS Percentile 98.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

VulnCheck KEV 2024-01-22

CWE

CWE-22

Status published

Products (1)

mitel/micollab_audio\,_web_\&_video_conferencing < 8.1.2.4

Published Jun 10, 2020

Tracked Since Feb 18, 2026