Lucene search

[email protected]NVD:CVE-2020-24692

HistorySep 25, 2020 - 4:23 a.m.

CVE-2020-24692

2020-09-2504:23:04

CWE-20

CWE-79

[email protected]

web.nvd.nist.gov

mitel micontact center business

ignite portal

xss

input validation

unauthorized access

CVSS2

3.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:P/A:N

CVSS3

7.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

EPSS

Percentile

12.6%

JSON

The Ignite portal in Mitel MiContact Center Business before 9.3.0.0 could allow an attacker to execute arbitrary scripts due to insufficient input validation, aka XSS. A successful exploit could allow an attacker to gain access to a user session.

Affected configurations

Nvd

Node

mitelmicontact_center_businessRange<9.3.0.0

VendorProductVersionCPE
mitelmicontact_center_business*cpe:2.3:a:mitel:micontact_center_business:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mitel	micontact_center_business	*	cpe:2.3:a:mitel:micontact_center_business::::::::

References

www.mitel.com/support/security-advisories

www.mitel.com/support/security-advisories/mitel-product-security-advisory-20-0011

CVSS2

3.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:P/A:N

CVSS3

7.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

EPSS

Percentile

12.6%

JSON

Related for NVD:CVE-2020-24692

cve1 cvelist1 prion1