CVE-2020-11798
Last modified
CVE-2020-11798 is a medium-severity vulnerability rated 5.3/10 on the CVSS scale. A Directory Traversal vulnerability in the web conference component of Mitel MiCollab AWV before 8.1.2.4 and 9.x before 9.1.3 could allow an attacker to access arbitrary files from restricted directories of the server via a crafted URL, due to insufficient access validation. A successful exploit could allow an attacker to access sensitive information from the restricted directories.. EPSS estimates a 45.24% chance of exploitation in the next 30 days.
Description
A Directory Traversal vulnerability in the web conference component of Mitel MiCollab AWV before 8.1.2.4 and 9.x before 9.1.3 could allow an attacker to access arbitrary files from restricted directories of the server via a crafted URL, due to insufficient access validation. A successful exploit could allow an attacker to access sensitive information from the restricted directories.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Mitel | Micollab Audio\, Web \& Video Conferencing | < 8.1.2.4 |
| Mitel | Micollab Audio\, Web \& Video Conferencing | >= 9.0, < 9.1.3 |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2020-11798?
How severe is CVE-2020-11798?
How do I fix CVE-2020-11798?
Are you affected by CVE-2020-11798?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST