Vulnerabilities > CVE-2020-13617 - Improper Restriction of Excessive Authentication Attempts vulnerability in Mitel products

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

mitel

CWE-307

NVD

Published: 2020-08-26

Updated: 2020-09-01

Summary

The Web UI component of Mitel MiVoice 6800 and 6900 series SIP Phones with firmware before 5.1.0.SP5 could allow an unauthenticated attacker to expose sensitive information due to improper memory handling during failed login attempts.

Vulnerable Configurations

Part	Description	Count
OS	Mitel Mitel 6863 Firmware - Mitel 6863 Firmware 4.2 Mitel 6863 Firmware 4.3 Mitel 6863 Firmware 4.5 Mitel 6863 Firmware 5.0 Mitel 6863 Firmware 5.1 Mitel 6865 Firmware - Mitel 6865 Firmware 4.2 Mitel 6865 Firmware 4.3 Mitel 6865 Firmware 4.5 Mitel 6865 Firmware 5.0 Mitel 6865 Firmware 5.1 Mitel 6867 Firmware - Mitel 6867 Firmware 4.2 Mitel 6867 Firmware 4.3 Mitel 6867 Firmware 4.5 Mitel 6867 Firmware 5.0 Mitel 6867 Firmware 5.1 Mitel 6869 Firmware - Mitel 6869 Firmware 4.2 Mitel 6869 Firmware 4.3 Mitel 6869 Firmware 4.5 Mitel 6869 Firmware 5.0 Mitel 6869 Firmware 5.1 Mitel 6873 Firmware - Mitel 6873 Firmware 4.2 Mitel 6873 Firmware 4.3 Mitel 6873 Firmware 4.5 Mitel 6873 Firmware 5.0 Mitel 6873 Firmware 5.1 Mitel 6940 Firmware - Mitel 6940 Firmware 5.0 Mitel 6940 Firmware 5.1 Mitel 6970 Firmware - Mitel 6970 Firmware 5.0 Mitel 6970 Firmware 5.1 Mitel 6930 Firmware - Mitel 6930 Firmware 5.0 Mitel 6930 Firmware 5.1 Mitel 6920 Firmware - Mitel 6920 Firmware 5.0 Mitel 6920 Firmware 5.1 Mitel 6905 Firmware - Mitel 6905 Firmware 5.0 Mitel 6905 Firmware 5.1 Mitel 6910 Firmware - Mitel 6910 Firmware 5.0 Mitel 6910 Firmware 5.1	129
Hardware	Mitel Mitel 6863 - Mitel 6865 - Mitel 6867 - Mitel 6869 - Mitel 6873 - Mitel 6940 - Mitel 6970 - Mitel 6930 - Mitel 6920 - Mitel 6905 - Mitel 6910 -	11

Common Weakness Enumeration (CWE)

CWE-307 - Improper Restriction of Excessive Authentication Attempts

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References