Improper Input Validation Vulnerability in Mitel BusinessCTI Enterprise Client for Windows
CVE-2021-3176

8HIGH

Key Information:

Vendor: Mitel
Status: Businesscti Enterprise
Vendor: CVE Published:; 29 January 2021

Summary

The Mitel BusinessCTI Enterprise (MBC-E) Client for Windows is affected by a vulnerability that allows an attacker to exploit improper input validation in the chat window. By sending specifically crafted HTTP links, an attacker could potentially gain unauthorized access to sensitive user information and application data. Affected versions include those prior to 6.4.15 and 7.x prior to 7.1.2. It is crucial to address this vulnerability to protect user privacy and integrity.

References

https://www.mitel.com/support/security-advisories

x_refsource_MISC

https://www.mitel.com/support/security-advisories/mitel-p...

x_refsource_CONFIRM

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jan 29, 2021
Vulnerability Reserved
Jan 19, 2021