Vulnerabilities > CVE-2020-27639 - Unspecified vulnerability in Mitel products

CVSS 8.1 - HIGH

Attack vector

ADJACENT_NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

HIGH

low complexity

mitel

NVD

Published: 2020-12-18

Updated: 2020-12-21

Summary

The Bluetooth handset of Mitel MiVoice 6873i, 6930, and 6940 SIP phones with firmware before 5.1.0.SP6 could allow an unauthenticated attacker within Bluetooth range to pair a rogue Bluetooth device when a phone handset loses connection, due to an improper pairing mechanism. A successful exploit could allow an attacker to eavesdrop on conversations.

Vulnerable Configurations

Part	Description	Count
OS	Mitel Mitel 6873I SIP Firmware - Mitel 6873I SIP Firmware 5.0.0 Mitel 6873I SIP Firmware 5.1.0 Mitel 6930 SIP Firmware - Mitel 6930 SIP Firmware 5.0.0 Mitel 6930 SIP Firmware 5.1.0 Mitel 6940 SIP Firmware - Mitel 6940 SIP Firmware 5.0.0 Mitel 6940 SIP Firmware 5.1.0	30
Hardware	Mitel Mitel 6873I SIP - Mitel 6930 SIP - Mitel 6940 SIP -	3

References

https://www.mitel.com/support/security-advisories