Threat Encyclopedia

Remote Code Execution for Mitel MiVoice Connect Client

description-logoDescription

A Remote Code Execution vulnerability has been identified in the Connect Client of MiVoice Connect for versions before 214.100.1222.0. This vulnerability if exploited could allow an attacker to execute arbitrary code in the chat notification window, due to improper rendering of chat messages. A successful exploit could allow an attacker to steal session cookies, directory traversal and run under the context of the chat client.

affected-products-logoAffected Products

MiVoice Connect Client

CVE References

CVE-2020-12456