The chat window of Mitel BusinessCTI Enterprise (MBC-E) Client for Windows before 6.4.11 and 7.x before 7.0.3 could allow an attacker to gain access to user information by sending arbitrary code, due to improper input validation. A successful exploit could allow an attacker to view the user information and application data.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27154
Reference (s):
- https://www.mitel.com/support/security-advisories