CVE-2020-10211

Name of the Vulnerable Software and Affected Versions Mitel MiVoice Connect versions prior to 19.1 SP1

Description A remote code execution issue exists due to insufficient validation of URL parameters in the UCB component. This could allow an unauthenticated remote attacker to execute arbitrary scripts, potentially gaining access to sensitive information.

Recommendations For versions prior to 19.1 SP1, update to version 19.1 SP1 or later to resolve the issue. As a temporary workaround, consider restricting access to the UCB component to minimize the risk of exploitation.