Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2020-11798: Path Traversal in Micollab Audio WEB Video Conferencing

CWE-22: Path Traversal (7 documents, 7 sources)

Severity: 5.3 MEDIUM (NVD)
EPSS: 78.1% (top 0.98%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline: Published Jun 10; latest update Sep 30

Description

A Directory Traversal vulnerability in the web conference component of Mitel MiCollab AWV before 8.1.2.4 and 9.x before 9.1.3 could allow an attacker to access arbitrary files from restricted directories of the server via a crafted URL, due to insufficient access validation. A successful exploit could allow an attacker to access sensitive information from the restricted directories.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploitability: 3.9 | Impact: 1.4

Affected Packages: 1 package

🔴 Vulnerability Details (3)

GHSA
GHSA-25p6-jmrr-3hj2: A Directory Traversal vulnerability in the web conference component of Mitel MiCollab AWV before 8 (2022-05-24)
CVEList
CVE-2020-11798: A Directory Traversal vulnerability in the web conference component of Mitel MiCollab AWV before 8 (2020-06-10)
VulnCheck
Mitel micollab_audio\,_web_\&_video_conferencing Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (2020)

💥 Exploits & PoCs (2)

Exploit-DB
Mitel MiCollab AWV 8.1.2.4 and 9.1.3 - Directory Traversal and LFI (2023-04-06)
Nuclei
Mitel MiCollab AWV 8.1.2.4 and 9.1.3 - Directory Traversal

🔍 Detection Rules (1)

Suricata
ET WEB_SPECIFIC_APPS Mitel Micollab Directory Traversal Attempt (CVE-2020-11798) (2024-09-30)