CVE-2020-27640
Last modified
CVE-2020-27640 is a high-severity vulnerability rated 8.1/10 on the CVSS scale. The Bluetooth handset of Mitel MiVoice 6940 and 6930 MiNet phones with firmware before 1.5.3 could allow an unauthenticated attacker within Bluetooth range to pair a rogue Bluetooth device when a phone handset loses connection, due to an improper pairing mechanism. A successful exploit could allow an attacker to eavesdrop on conversations.. EPSS estimates a 0.51% chance of exploitation in the next 30 days.
Description
The Bluetooth handset of Mitel MiVoice 6940 and 6930 MiNet phones with firmware before 1.5.3 could allow an unauthenticated attacker within Bluetooth range to pair a rogue Bluetooth device when a phone handset loses connection, due to an improper pairing mechanism. A successful exploit could allow an attacker to eavesdrop on conversations.
Metrics
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Mitel | Mivoice 6940 Firmware | < 1.5.3 |
| Mitel | Mivoice 6930 Firmware | < 1.5.3 |
References
- https://www.mitel.com/support/security-advisoriesVendor Advisory
- https://www.mitel.com/support/security-advisoriesVendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2020-27640?
How severe is CVE-2020-27640?
How do I fix CVE-2020-27640?
Are you affected by CVE-2020-27640?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST