CVE-2021-26714

CRITICAL

Mitel Micontact Center Enterprise < 9.4 - Path Traversal

Title source: rule

Description

The Enterprise License Manager portal in Mitel MiContact Center Enterprise before 9.4 could allow a user to access restricted files and folders due to insufficient access control. A successful exploit could allow an attacker to view and modify application data via Directory Traversal.

Exploits (1)

nomisec STUB

by PwCNO-CTO · poc

https://github.com/PwCNO-CTO/CVE-2021-26714

View Code ZIP pw:eip

References (1)

[Vendor Advisory] https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-21-0003

Scores

CVSS v3 9.8

EPSS 0.0169

EPSS Percentile 82.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

Status published

Products (1)

mitel/micontact_center_enterprise < 9.4

Published Mar 29, 2021

Tracked Since Feb 18, 2026