Information Disclosure in Mitel ICP VoIP 3100 Devices
CVE-2003-20001

5.6MEDIUM

Key Information:

Vendor: Mitel
Status: ICP VoIP 3100
Vendor: CVE Published:; 1 April 2025

Summary

On Mitel ICP VoIP 3100 devices, a security issue occurs when a remote user logs in via TELNET during the login wait time, and an incoming external call arrives. In this scenario, the system inadvertently reveals sensitive information regarding the call, including service type, extension number, and additional parameters related to call activity. This vulnerability may allow unauthorized individuals to access confidential call data, posing a security risk to the users of the affected devices.

References

https://packetstorm.news/files/id/31445

http://olografix.org/acme/mitel.txt

https://rb.gy/1smt22

CVSS V3.1

Score:

5.6

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 1, 2025
Vulnerability Reserved
Mar 28, 2025