CVE-2020-27639
CVE-2020-27639 is a high-severity vulnerability rated 8.1/10 on the CVSS scale. The Bluetooth handset of Mitel MiVoice 6873i, 6930, and 6940 SIP phones with firmware before 5.1.0.SP6 could allow an unauthenticated attacker within Bluetooth range to pair a rogue Bluetooth device when a phone handset loses connection, due to an improper pairing mechanism. A successful exploit could allow an attacker to eavesdrop on conversations. EPSS estimates a 0.51% chance of exploitation in the next 30 days.
Description
The Bluetooth handset of Mitel MiVoice 6873i, 6930, and 6940 SIP phones with firmware before 5.1.0.SP6 could allow an unauthenticated attacker within Bluetooth range to pair a rogue Bluetooth device when a phone handset loses connection, due to an improper pairing mechanism. A successful exploit could allow an attacker to eavesdrop on conversations.
Metrics
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Mitel | 6873i SIP Firmware | < 5.1.0 |
| Mitel | 6873i SIP Firmware | 5.1.0 |
| Mitel | 6930 SIP Firmware | < 5.1.0 |
| Mitel | 6930 SIP Firmware | 5.1.0 |
| Mitel | 6940 SIP Firmware | < 5.1.0 |
| Mitel | 6940 SIP Firmware | 5.1.0 |
References
- https://www.mitel.com/support/security-advisories (Vendor Advisory)
Timeline
- Status: Modified
Source: NVD / NIST
