Vulnerabilities > CVE-2020-27640 - Unspecified vulnerability in Mitel Mivoice 6930 Firmware and Mivoice 6940 Firmware

CVSS 8.1 - HIGH

Attack vector

ADJACENT_NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

HIGH

low complexity

mitel

NVD

Published: 2020-12-18

Updated: 2020-12-22

Summary

The Bluetooth handset of Mitel MiVoice 6940 and 6930 MiNet phones with firmware before 1.5.3 could allow an unauthenticated attacker within Bluetooth range to pair a rogue Bluetooth device when a phone handset loses connection, due to an improper pairing mechanism. A successful exploit could allow an attacker to eavesdrop on conversations.

Vulnerable Configurations

Part	Description	Count
OS	Mitel Mitel Mivoice 6940 Firmware - Mitel Mivoice 6940 Firmware 1.5.2 Mitel Mivoice 6930 Firmware - Mitel Mivoice 6930 Firmware 1.5.2	4
Hardware	Mitel Mitel Mivoice 6940 - Mitel Mivoice 6930 -	2

References

https://www.mitel.com/support/security-advisories