Mitel MiVoice Connect Client CVE-2020-12456 Path Traversal Vulnerability

description-logoDescription

A Remote Code Execution vulnerability has been identified in the Connect Client of MiVoice Connect for versions before 214.100.1222.0. This vulnerability if exploited could allow an attacker to execute arbitrary code in the chat notification window, due to improper rendering of chat messages. A successful exploit could allow an attacker to steal session cookies, directory traversal and run under the context of the chat client.

affected-products-logoAffected Applications

MiVoice Connect Client

CVE References

CVE-2020-12456