ID

VAR-202008-0095


CVE

CVE-2020-12456


TITLE

Path Traversal Vulnerability in Mitel MiVoice Connect Client

Trust: 0.8

sources: JVNDB: JVNDB-2020-010391

DESCRIPTION

A remote code execution vulnerability in Mitel MiVoice Connect Client before 214.100.1223.0 could allow an attacker to execute arbitrary code in the chat notification window, due to improper rendering of chat messages. A successful exploit could allow an attacker to steal session cookies, perform directory traversal, and execute arbitrary scripts in the context of the Connect client. Mitel MiVoice Connect Client contains a path traversal vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).

Trust: 1.62

sources: NVD: CVE-2020-12456 // JVNDB: JVNDB-2020-010391

AFFECTED PRODUCTS

vendor: mitel, model: mivoice connect, scope: lt, version: 214.100.1223.0

Trust: 1.0

vendor: mitel, model: mivoice connect client, scope: eq, version: 214.100.1223.0

Trust: 0.8

sources: JVNDB: JVNDB-2020-010391 // NVD: CVE-2020-12456

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2020-12456
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-010391
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202008-1300
value: HIGH

Trust: 0.6

NVD:
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-010391
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

NVD:
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-010391
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2020-010391 // NVD: CVE-2020-12456 // CNNVD: CNNVD-202008-1300

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.8

sources: JVNDB: JVNDB-2020-010391 // NVD: CVE-2020-12456

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202008-1300

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-202008-1300

CONFIGURATIONS

sources: NVD: CVE-2020-12456

PATCH

title: SECURITY ADVISORIES, url: https://www.mitel.com/support/security-advisories

Trust: 0.8

title: 20-0006, url: https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-20-0006

Trust: 0.8

title: Mitel MiVoice Connect Client Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=127319

Trust: 0.6

sources: JVNDB: JVNDB-2020-010391 // CNNVD: CNNVD-202008-1300

EXTERNAL IDS

db: NVD, id: CVE-2020-12456

Trust: 2.4

db: JVNDB, id: JVNDB-2020-010391

Trust: 0.8

db: CNNVD, id: CNNVD-202008-1300

Trust: 0.6

sources: JVNDB: JVNDB-2020-010391 // NVD: CVE-2020-12456 // CNNVD: CNNVD-202008-1300

REFERENCES

url:https://www.mitel.com/support/security-advisories

Trust: 1.6

url:https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-20-0006

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2020-12456

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12456

Trust: 0.8

sources: JVNDB: JVNDB-2020-010391 // NVD: CVE-2020-12456 // CNNVD: CNNVD-202008-1300

SOURCES

db: JVNDB, id: JVNDB-2020-010391
db: NVD, id: CVE-2020-12456
db: CNNVD, id: CNNVD-202008-1300

LAST UPDATE DATE

2023-12-18T13:32:56.714000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2020-010391, date: 2021-01-08T07:57:29
db: NVD, id: CVE-2020-12456, date: 2020-09-01T17:06:20.103
db: CNNVD, id: CNNVD-202008-1300, date: 2021-08-16T00:00:00

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2020-010391, date: 2021-01-08T07:57:29
db: NVD, id: CVE-2020-12456, date: 2020-08-26T19:15:14.237
db: CNNVD, id: CNNVD-202008-1300, date: 2020-08-26T00:00:00