Mitel Security Advisory for MiVoice Connect 6-16-20

Product Name Product Versions Vulnerability
MiVoice Connect Client MiVoice Connect Client 214.100.1222.0 and earlier A Remote Code Execution vulnerability has been identified in the Connect Client of MiVoice Connect. This vulnerability if exploited could allow an attacker to execute arbitrary code in the chat notification window, due to improper rendering of chat messages. A successful exploit could allow an attacker to steal session cookies, directory traversal and run under the context of the chat client.