CVE-2020-11797

An Authentication Bypass vulnerability in the Published Area of the web conferencing component of Mitel MiCollab AWV before 8.1.2.4 and 9.x before 9.1.3 could allow an unauthenticated attacker to gain access to unauthorized information due to insufficient access validation. A successful exploit could allow an attacker to access sensitive shared files.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 65%
VendorProductVersion
mitelmicollab_audio\,_web_\&_video_conferencing
𝑥
< 8.1.2.4
mitelmicollab_audio\,_web_\&_video_conferencing
9.0 ≤
𝑥
< 9.1.3
𝑥
= Vulnerable software versions
References
https://www.mitel.com/support/security-advisories
https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-20-0005
https://www.mitel.com/support/security-advisories
https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-20-0005