Directory Traversal Vulnerability in Mitel MiCollab Admin Portal
CVE-2021-27402

6.5MEDIUM

Key Information:

Vendor: Mitel
Status: Micollab
Vendor: CVE Published:; 13 August 2021

What is CVE-2021-27402?

The SAS Admin portal of Mitel MiCollab prior to version 9.2 FP2 is susceptible to a directory traversal vulnerability. This flaw allows an unauthenticated attacker to potentially access and modify user data by exploiting improper URL validation mechanisms, thereby injecting arbitrary directory paths. This vulnerability raises significant security concerns as it can lead to unauthorized exposure and alteration of sensitive information.

References

https://www.mitel.com/support/security-advisories

x_refsource_MISC

https://www.mitel.com/support/security-advisories/mitel-p...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 13, 2021
Vulnerability Reserved
Feb 19, 2021