Sign-up

ID

VAR-202004-0371


CVE

CVE-2020-10211


TITLE

Mitel MiVoice Connect Input verification vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-004570

DESCRIPTION

A remote code execution vulnerability in UCB component of Mitel MiVoice Connect before 19.1 SP1 could allow an unauthenticated remote attacker to execute arbitrary scripts due to insufficient validation of URL parameters. A successful exploit could allow an attacker to gain access to sensitive information. Mitel MiVoice Connect There is an input verification vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state

Trust: 1.62

sources: NVD: CVE-2020-10211 // JVNDB: JVNDB-2020-004570

AFFECTED PRODUCTS

vendor:mitelmodel:mivoice connect clientscope:lteversion:214.100.1213.0

Trust: 1.0

vendor:mitelmodel:mivoice connectscope:lteversion:19.1

Trust: 1.0

vendor:mitelmodel:mivoice connectscope:eqversion:19.1 sp1

Trust: 0.8

vendor:mitelmodel:mivoice connect clientscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-004570 // NVD: CVE-2020-10211

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2020-10211
value: CRITICAL

Trust: 1.0

NVD: JVNDB-2020-004570
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202004-1435
value: CRITICAL

Trust: 0.6

NVD:
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-004570
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

NVD:
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-004570
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2020-004570 // NVD: CVE-2020-10211 // CNNVD: CNNVD-202004-1435

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.8

sources: JVNDB: JVNDB-2020-004570 // NVD: CVE-2020-10211

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202004-1435

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202004-1435

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2020-10211

PATCH
title:20-0004url:https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-20-0004
Trust: 0.8
title:SECURITY ADVISORIESurl:https://www.mitel.com/support/security-advisories
Trust: 0.8
title:Mitel Networks MiVoice Connect UCB Fixes for component security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=116916
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-004570 // 
            
            
            
            CNNVD: CNNVD-202004-1435

EXTERNAL IDS
db:NVDid:CVE-2020-10211
Trust: 2.4
db:JVNDBid:JVNDB-2020-004570
Trust: 0.8
db:CNNVDid:CNNVD-202004-1435
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-004570 // 
            
            
            
            NVD: CVE-2020-10211 // 
            
            
            
            CNNVD: CNNVD-202004-1435

REFERENCES
url:https://www.mitel.com/support/security-advisories
Trust: 1.6
url:https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-20-0004
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10211
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2020-10211\
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2020-10211
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-004570 // 
            
            
            
            NVD: CVE-2020-10211 // 
            
            
            
            CNNVD: CNNVD-202004-1435

SOURCES
db:JVNDBid:JVNDB-2020-004570
db:NVDid:CVE-2020-10211
db:CNNVDid:CNNVD-202004-1435

LAST UPDATE DATE
2023-12-18T12:56:05.198000+00:00

SOURCES UPDATE DATE
db:JVNDBid:JVNDB-2020-004570date:2020-05-21T00:00:00
db:NVDid:CVE-2020-10211date:2020-04-23T13:47:45.917
db:CNNVDid:CNNVD-202004-1435date:2022-03-15T00:00:00

SOURCES RELEASE DATE
db:JVNDBid:JVNDB-2020-004570date:2020-05-21T00:00:00
db:NVDid:CVE-2020-10211date:2020-04-17T13:15:12.283
db:CNNVDid:CNNVD-202004-1435date:2020-04-17T00:00:00