First published: Wed Aug 26 2020(Updated: )
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Mitel MiVoice Connect | <214.100.1223.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-12456 is a remote code execution vulnerability in Mitel MiVoice Connect Client before version 214.100.1223.0.
CVE-2020-12456 allows an attacker to execute arbitrary code in the chat notification window of Mitel MiVoice Connect Client, potentially leading to session cookie theft and other unauthorized actions.
CVE-2020-12456 has a severity rating of 8.8 (high).
To fix CVE-2020-12456, it is recommended to update Mitel MiVoice Connect Client to version 214.100.1223.0 or later, which addresses the vulnerability.
You can find more information about CVE-2020-12456 on Mitel's support website. Please refer to the following link: [https://www.mitel.com/support/security-advisories](https://www.mitel.com/support/security-advisories)