Arbitrary Code Execution Vulnerability in Mitel BusinessCTI Enterprise (MBC-E) Client for Windows

Arbitrary Code Execution Vulnerability in Mitel BusinessCTI Enterprise (MBC-E) Client for Windows

CVE-2020-27154 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

The chat window of Mitel BusinessCTI Enterprise (MBC-E) Client for Windows before 6.4.11 and 7.x before 7.0.3 could allow an attacker to gain access to user information by sending arbitrary code, due to improper input validation. A successful exploit could allow an attacker to view the user information and application data.

Learn more about our User Device Pen Test.