CVE-2020-27639

8.1HIGH

Key Information:

Vendor: Mitel
Status: 6873i Sip Firmware
Vendor: CVE Published:; 18 December 2020

Summary

The Bluetooth handset of Mitel MiVoice 6873i, 6930, and 6940 SIP phones with firmware before 5.1.0.SP6 could allow an unauthenticated attacker within Bluetooth range to pair a rogue Bluetooth device when a phone handset loses connection, due to an improper pairing mechanism. A successful exploit could allow an attacker to eavesdrop on conversations.

References

https://www.mitel.com/support/security-advisories

x_refsource_MISC

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 18, 2020
Vulnerability Reserved
Oct 22, 2020