PT-2020-13121 · Mitel · Mitel MiVoice Connect Client
Published: 2020-08-26 · Updated: 2025-11-03 · CVE-2020-12456
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Mitel MiVoice Connect Client versions prior to 214.100.1223.0
Description
A remote code execution issue exists due to improper rendering of chat messages, allowing an attacker to execute arbitrary code in the chat notification window. This could enable an attacker to steal session cookies, perform directory traversal, and execute arbitrary scripts in the context of the Connect client.
Recommendations
For versions prior to 214.100.1223.0, update to version 214.100.1223.0 or later to resolve the issue. As a temporary workaround, consider disabling the chat notification feature until a patch is available. Restrict access to sensitive areas of the Connect client to minimize the risk of exploitation.
Fix
RCE
Path traversal
Affected Products
Mitel MiVoice Connect Client