CVE-2020-10211
Published Apr 17, 2020
Last updated 5 years ago
Overview
- Description
- A remote code execution vulnerability in UCB component of Mitel MiVoice Connect before 19.1 SP1 could allow an unauthenticated remote attacker to execute arbitrary scripts due to insufficient validation of URL parameters. A successful exploit could allow an attacker to gain access to sensitive information.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-20
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mitel:mivoice_connect:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "40AD35AC-A860-4870-9B4B-851E00A5C6D0",
"versionEndIncluding": "19.1"
},
{
"criteria": "cpe:2.3:a:mitel:mivoice_connect_client:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "06D39D86-749D-499F-B29B-14BD85B0FFFE",
"versionEndIncluding": "214.100.1213.0"
}
],
"operator": "OR"
}
]
}
]