Vulnerabilites related to mitel - 6920_firmware
Vulnerability from fkie_nvd
Published
2020-08-26 18:15
Modified
2024-11-21 05:01
Severity ?
Summary
The Web UI component of Mitel MiVoice 6800 and 6900 series SIP Phones with firmware before 5.1.0.SP5 could allow an unauthenticated attacker to expose sensitive information due to improper memory handling during failed login attempts.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitel:6863_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F7AE79A3-8F8B-4964-93A0-734C6982AF80",
"versionEndIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6863_firmware:5.1:-:*:*:*:*:*:*",
"matchCriteriaId": "60148792-AA6E-4D0E-A919-92CFBDA93427",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6863_firmware:5.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "580264D3-8677-4C5C-82E2-038C3CE9E321",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6863_firmware:5.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "714633DB-BF06-4C59-9CE6-01C6C3BE4DFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6863_firmware:5.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "80ABBFBA-BA41-4163-99D4-1B0341BDFFCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6863_firmware:5.1:sp4:*:*:*:*:*:*",
"matchCriteriaId": "EA3EC57A-E03B-44A8-AC15-3FF696EEAA1E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitel:6863:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8931208E-AE65-4BFA-98C6-9BFC7F17167E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitel:6865_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FF357FE4-9FF1-4EA8-8C23-80FEA0098079",
"versionEndIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6865_firmware:5.1:-:*:*:*:*:*:*",
"matchCriteriaId": "B47EF143-7163-494E-839F-24FF05FE0908",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6865_firmware:5.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "9E076FEB-C607-48B1-BA7B-2EAABB4F5E97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6865_firmware:5.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "6178F195-9543-4D2B-A5BA-2D2CA1B3D1D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6865_firmware:5.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "373CC71D-10BB-4EB2-858E-31658F8A2FDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6865_firmware:5.1:sp4:*:*:*:*:*:*",
"matchCriteriaId": "C6041B7B-D4BF-4298-AC53-FEC62C468289",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitel:6865:-:*:*:*:*:*:*:*",
"matchCriteriaId": "031C26C6-91DA-4876-B2B3-7F903527D9DE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitel:6867_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E4CCE18F-073D-4CB4-81FD-1DCBC3C95EB1",
"versionEndIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6867_firmware:5.1:-:*:*:*:*:*:*",
"matchCriteriaId": "1A073A3C-4F10-4AB6-A4C6-808C27DCD7C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6867_firmware:5.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "7F8D49A0-B21E-4DBF-919A-C859B56A72B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6867_firmware:5.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "EAFCF656-7180-49AC-BCB4-9C878D808E49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6867_firmware:5.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "8E94FE44-81C7-437E-9079-4F1AB58FC328",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6867_firmware:5.1:sp4:*:*:*:*:*:*",
"matchCriteriaId": "A080097A-3C0D-4CAA-81C5-4AF34DB183ED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitel:6867:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3CA28BDA-2FE9-4D6C-B209-639FFC41BB82",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitel:6869_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BDCC23D8-CDE8-44DA-ACD7-FB0E45F8EEB0",
"versionEndIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6869_firmware:5.1:-:*:*:*:*:*:*",
"matchCriteriaId": "F9A4026F-B540-41D3-A8D4-ADBA3042DB3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6869_firmware:5.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "DB2CFF02-1DA3-40A7-A8C1-B26EF961B21C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6869_firmware:5.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "137C5C8F-76EA-41BC-A49C-E175B3FFFEBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6869_firmware:5.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "0D413BB8-B97D-4729-AB13-B71F102881D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6869_firmware:5.1:sp4:*:*:*:*:*:*",
"matchCriteriaId": "C47C4102-0361-4891-AE23-1AF8706417CA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitel:6869:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06E937DB-9C85-4B51-B7C2-AE692C9DB1E7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitel:6873_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A9A7C4C1-74EB-4438-94B9-9900C9EF4CFE",
"versionEndIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6873_firmware:5.1:-:*:*:*:*:*:*",
"matchCriteriaId": "2F65438A-A8D3-4B07-A0F4-046F0F373CA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6873_firmware:5.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "131EA8EB-0F54-4BF5-BDC4-554E9D0A260B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6873_firmware:5.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "EA7ECE31-AE0F-4168-9FA9-5A5F4D1BDF92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6873_firmware:5.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "D124E8A4-1C96-4D21-8D39-DFBF49D1CB3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6873_firmware:5.1:sp4:*:*:*:*:*:*",
"matchCriteriaId": "5B8B4A44-67F2-4199-B66A-DF4DCE9DF697",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitel:6873:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E2A85278-841C-497E-86D5-A9B0C401EC09",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitel:6940_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A2384567-4806-46BD-9317-94D868804794",
"versionEndIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6940_firmware:5.1:-:*:*:*:*:*:*",
"matchCriteriaId": "5F222056-AFC7-44FA-BB76-CEE9F4139F04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6940_firmware:5.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "B86EAEC7-BFB5-488F-9CEB-27D57F6E7973",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6940_firmware:5.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "E07B64F3-206C-41D1-B0D1-FDA1B458CA06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6940_firmware:5.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "959BA4C3-1E94-47F6-BB6E-92B44DED9B78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6940_firmware:5.1:sp4:*:*:*:*:*:*",
"matchCriteriaId": "622145EA-842A-48B8-B6AD-3609A7E707F5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitel:6940:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD3759B6-49DF-44A8-A49E-E2306966B966",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitel:6970_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E50A91FB-CBC7-4BC0-B706-521BE23550D8",
"versionEndIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6970_firmware:5.1:-:*:*:*:*:*:*",
"matchCriteriaId": "44BF1E96-71A4-4194-8640-93CFA93C6728",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6970_firmware:5.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "7CDEE027-A1CC-4249-85E5-A49F9F3976BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6970_firmware:5.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "E207BA5E-C5BF-4E9D-B6C7-46963EC04B8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6970_firmware:5.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "50128192-03BE-4B3F-B137-86CE0F6A0F4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6970_firmware:5.1:sp4:*:*:*:*:*:*",
"matchCriteriaId": "4B3A4E83-8BB3-4110-AA9B-E00A60FD85BD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitel:6970:-:*:*:*:*:*:*:*",
"matchCriteriaId": "651C4A02-AE83-4D6E-B49F-D756DF8032F3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitel:6930_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "44298B54-C7E3-4047-9919-EE5E94426FC6",
"versionEndIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6930_firmware:5.1:-:*:*:*:*:*:*",
"matchCriteriaId": "EF8174D1-8F9C-4A37-B81F-C065759ED7BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6930_firmware:5.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "C7907AA2-1574-4DAF-8BD9-B353DAB65ECE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6930_firmware:5.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "8E961799-6917-4B11-8C3A-B89319CCF5EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6930_firmware:5.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "3F0EE9B0-D37E-487D-A47C-048AC85E94C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6930_firmware:5.1:sp4:*:*:*:*:*:*",
"matchCriteriaId": "DFD9DABD-628B-4EAA-884E-87F081F43525",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitel:6930:-:*:*:*:*:*:*:*",
"matchCriteriaId": "92940D17-30A8-4F1C-95F7-9D7C922C58D8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitel:6920_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D01DFA7D-2F04-4474-804D-D98103A322E6",
"versionEndIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6920_firmware:5.1:-:*:*:*:*:*:*",
"matchCriteriaId": "E0BE473D-B722-48D2-B858-1B4519491B53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6920_firmware:5.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "E64AEF5A-5389-4285-B534-03E7B135A321",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6920_firmware:5.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "21F00CAA-56FD-4651-AEE4-584264BA5CBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6920_firmware:5.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "DC20F25B-34EE-42D2-B477-2225AAD5905D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6920_firmware:5.1:sp4:*:*:*:*:*:*",
"matchCriteriaId": "8E6499F7-5DA6-48DB-A1F4-7FD5D02BB416",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitel:6920:-:*:*:*:*:*:*:*",
"matchCriteriaId": "313C5AC0-5535-4D83-9404-D1EAA38A5FA6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitel:6905_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9138A81A-A3ED-4A93-8ACB-AE0073E03374",
"versionEndIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6905_firmware:5.1:-:*:*:*:*:*:*",
"matchCriteriaId": "27AED609-D33B-4E59-A4FD-85A19EA5FE24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6905_firmware:5.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "6E31B15B-C8C7-4F0A-AA8A-ABF959C339A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6905_firmware:5.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "3AD03CB5-F4CD-46A7-A7A7-E208995B8B69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6905_firmware:5.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "6ED4FE3F-7C99-42C5-B11C-84DCD5C306E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6905_firmware:5.1:sp4:*:*:*:*:*:*",
"matchCriteriaId": "29EDB71D-AC8E-4AA2-B2E3-3F3FB71B1DE2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitel:6905:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BAD555D7-9F4C-46A1-B8DD-D60EB0BA6797",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitel:6910_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BDBF6266-6159-45D4-B1CA-250B62772C7F",
"versionEndIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6910_firmware:5.1:-:*:*:*:*:*:*",
"matchCriteriaId": "950AA5D9-5E52-4491-B904-0DAF2A2B0D91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6910_firmware:5.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "6AC0F0FE-30C9-4A66-B159-883017426CFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6910_firmware:5.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "CF182182-2560-44E0-BE1C-F21CF312344B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6910_firmware:5.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "730374AE-685E-4825-9891-39D3D9ECCB15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6910_firmware:5.1:sp4:*:*:*:*:*:*",
"matchCriteriaId": "31A1FAF6-21AE-43E7-89F1-910EA7865B79",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitel:6910:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD92F0F9-CC50-4C36-A7E8-751B6C98E8B4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Web UI component of Mitel MiVoice 6800 and 6900 series SIP Phones with firmware before 5.1.0.SP5 could allow an unauthenticated attacker to expose sensitive information due to improper memory handling during failed login attempts."
},
{
"lang": "es",
"value": "El componente de la Interfaz de Usuario Web de los Tel\u00e9fonos SIP de la Serie Mitel MiVoice 6800 y 6900 con versiones de firmware anteriores a 5.1.0.SP5, podr\u00eda permitir a un atacante no autenticado exponer informaci\u00f3n confidencial debido a un manejo inapropiado de la memoria durante los intentos fallidos de inicio de sesi\u00f3n"
}
],
"id": "CVE-2020-13617",
"lastModified": "2024-11-21T05:01:36.643",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-08-26T18:15:10.113",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mitel.com/support/security-advisories"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-20-0007"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mitel.com/support/security-advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-20-0007"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-307"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-03-02 18:15
Modified
2024-11-21 04:33
Severity ?
Summary
A key length vulnerability in the implementation of the SRTP 128-bit key on Mitel 6800 and 6900 SIP series phones, versions 5.1.0.2051 SP2 and earlier, could allow an attacker to launch a man-in-the-middle attack when SRTP is used in a call. A successful exploit may allow the attacker to intercept sensitive information.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mitel | 6863i_firmware | * | |
| mitel | 6863i_firmware | 5.1.0.2051 | |
| mitel | 6863i_firmware | 5.1.0.2051 | |
| mitel | 6863i | - | |
| mitel | 6865i_firmware | * | |
| mitel | 6865i_firmware | 5.1.0.2051 | |
| mitel | 6865i_firmware | 5.1.0.2051 | |
| mitel | 6865i | - | |
| mitel | 6867i_firmware | * | |
| mitel | 6867i_firmware | 5.1.0.2051 | |
| mitel | 6867i_firmware | 5.1.0.2051 | |
| mitel | 6867i | - | |
| mitel | 6869i_firmware | * | |
| mitel | 6869i_firmware | 5.1.0.2051 | |
| mitel | 6869i_firmware | 5.1.0.2051 | |
| mitel | 6869i | - | |
| mitel | 6873i_firmware | * | |
| mitel | 6873i_firmware | 5.1.0.2051 | |
| mitel | 6873i_firmware | 5.1.0.2051 | |
| mitel | 6873i | - | |
| mitel | 6920_firmware | * | |
| mitel | 6920_firmware | 5.1.0.2051 | |
| mitel | 6920_firmware | 5.1.0.2051 | |
| mitel | 6920 | - | |
| mitel | 6930_firmware | * | |
| mitel | 6930_firmware | 5.1.0.2051 | |
| mitel | 6930_firmware | 5.1.0.2051 | |
| mitel | 6930 | - | |
| mitel | 6940_firmware | * | |
| mitel | 6940_firmware | 5.1.0.2051 | |
| mitel | 6940_firmware | 5.1.0.2051 | |
| mitel | 6940 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitel:6863i_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EB199BCE-1E4B-493E-9EB3-4C738F0E0AA8",
"versionEndExcluding": "5.1.0.2051",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6863i_firmware:5.1.0.2051:-:*:*:*:*:*:*",
"matchCriteriaId": "775C3676-5B20-4691-A5A9-341F867F0A6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6863i_firmware:5.1.0.2051:sp2_hf2:*:*:*:*:*:*",
"matchCriteriaId": "CE4E5DF3-46C4-416C-BCA2-905B2051E5D5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitel:6863i:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C5A6A2B2-B2F2-4B72-9452-83A0E0B2E7A8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitel:6865i_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B7E245F6-4566-44D8-83A6-699AD5DA6AC9",
"versionEndExcluding": "5.1.0.2051",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6865i_firmware:5.1.0.2051:-:*:*:*:*:*:*",
"matchCriteriaId": "B832E54E-EB46-48FD-9652-6C02B68E3195",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6865i_firmware:5.1.0.2051:sp2_hf2:*:*:*:*:*:*",
"matchCriteriaId": "BA9B61CC-544E-48EC-90D9-36FED382A151",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitel:6865i:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D329E36-6CE5-4403-9852-4396EB6981B0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitel:6867i_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9D290CFF-E33B-4123-A410-0FC431E4C72F",
"versionEndExcluding": "5.1.0.2051",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6867i_firmware:5.1.0.2051:-:*:*:*:*:*:*",
"matchCriteriaId": "31597181-7C46-4B13-AE67-FA7C0DD422DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6867i_firmware:5.1.0.2051:sp2_hf2:*:*:*:*:*:*",
"matchCriteriaId": "A42364B4-884E-47F6-8927-34218FCC2EB6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitel:6867i:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3655D26-01DC-41DD-A19D-DC3E8ADCAF00",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitel:6869i_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BE2E5D76-07C2-4D4D-A812-DB04194574DC",
"versionEndExcluding": "5.1.0.2051",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6869i_firmware:5.1.0.2051:-:*:*:*:*:*:*",
"matchCriteriaId": "AE50A2BC-4485-4FDB-B618-C36E7B38A4A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6869i_firmware:5.1.0.2051:sp2_hf2:*:*:*:*:*:*",
"matchCriteriaId": "39DFC6B9-9ECD-49B3-AA3F-4FE58D4DFF8B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitel:6869i:-:*:*:*:*:*:*:*",
"matchCriteriaId": "209CF34F-4E50-4749-BA18-CD01D74A6550",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitel:6873i_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9FFCA32F-38F6-44C2-A632-D80B4075A6A2",
"versionEndExcluding": "5.1.0.2051",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6873i_firmware:5.1.0.2051:-:*:*:*:*:*:*",
"matchCriteriaId": "90F0D53B-012C-4860-BA3C-C713FA1CB96C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6873i_firmware:5.1.0.2051:sp2_hf2:*:*:*:*:*:*",
"matchCriteriaId": "E12C2325-689A-4C85-B571-D27C2E34100F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitel:6873i:-:*:*:*:*:*:*:*",
"matchCriteriaId": "69C5E134-D27B-4758-9DC6-545B694080C4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitel:6920_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C6577770-7BFC-4832-825B-834C5F22CBB1",
"versionEndExcluding": "5.1.0.2051",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6920_firmware:5.1.0.2051:-:*:*:*:*:*:*",
"matchCriteriaId": "207137FB-99F1-4883-AA1D-C9E09D79DDB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6920_firmware:5.1.0.2051:sp2_hf2:*:*:*:*:*:*",
"matchCriteriaId": "2963E6B8-5C15-4EAC-A628-AB38D6BBD56C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitel:6920:-:*:*:*:*:*:*:*",
"matchCriteriaId": "313C5AC0-5535-4D83-9404-D1EAA38A5FA6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitel:6930_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E691DA45-54C0-4915-8839-0DB07A34B1C7",
"versionEndExcluding": "5.1.0.2051",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6930_firmware:5.1.0.2051:-:*:*:*:*:*:*",
"matchCriteriaId": "E363C50D-7A0A-4A15-912F-A0CAB7E64FC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6930_firmware:5.1.0.2051:sp2_hf2:*:*:*:*:*:*",
"matchCriteriaId": "BDB84A40-294A-43F7-835A-D9A6AF99F54A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitel:6930:-:*:*:*:*:*:*:*",
"matchCriteriaId": "92940D17-30A8-4F1C-95F7-9D7C922C58D8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitel:6940_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A2B4967D-7A2B-4D10-9EB3-164F54406506",
"versionEndExcluding": "5.1.0.2051",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6940_firmware:5.1.0.2051:-:*:*:*:*:*:*",
"matchCriteriaId": "1B9E4B5E-AEA9-42F7-B48A-F28A9165692F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6940_firmware:5.1.0.2051:sp2_hf2:*:*:*:*:*:*",
"matchCriteriaId": "58AFB276-A7C3-4C8B-ACA6-B04ADA361261",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitel:6940:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD3759B6-49DF-44A8-A49E-E2306966B966",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A key length vulnerability in the implementation of the SRTP 128-bit key on Mitel 6800 and 6900 SIP series phones, versions 5.1.0.2051 SP2 and earlier, could allow an attacker to launch a man-in-the-middle attack when SRTP is used in a call. A successful exploit may allow the attacker to intercept sensitive information."
},
{
"lang": "es",
"value": "Una vulnerabilidad de longitud de clave en la implementaci\u00f3n de la clave de 128 bits de SRTP en los tel\u00e9fonos SIP Mitel de la serie 6800 y 6900, versiones anteriores a 5.1.0.2051 SP2, podr\u00eda permitir a un atacante iniciar un ataque de tipo man-in-the-middle cuando SRTP es usado en una llamada. Una explotaci\u00f3n con \u00e9xito puede permitir a un atacante interceptar informaci\u00f3n confidencial."
}
],
"id": "CVE-2019-18863",
"lastModified": "2024-11-21T04:33:44.357",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-03-02T18:15:10.667",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mitel.com/support/security-advisories"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-19-0006"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mitel.com/support/security-advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-19-0006"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-326"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2020-13617 (GCVE-0-2020-13617)
Vulnerability from cvelistv5
Published
2020-08-26 18:02
Modified
2024-08-04 12:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The Web UI component of Mitel MiVoice 6800 and 6900 series SIP Phones with firmware before 5.1.0.SP5 could allow an unauthenticated attacker to expose sensitive information due to improper memory handling during failed login attempts.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.mitel.com/support/security-advisories | x_refsource_MISC | |
| https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-20-0007 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:25:16.097Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mitel.com/support/security-advisories"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-20-0007"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2020-06-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Web UI component of Mitel MiVoice 6800 and 6900 series SIP Phones with firmware before 5.1.0.SP5 could allow an unauthenticated attacker to expose sensitive information due to improper memory handling during failed login attempts."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-26T18:02:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mitel.com/support/security-advisories"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-20-0007"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-13617",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Web UI component of Mitel MiVoice 6800 and 6900 series SIP Phones with firmware before 5.1.0.SP5 could allow an unauthenticated attacker to expose sensitive information due to improper memory handling during failed login attempts."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.mitel.com/support/security-advisories",
"refsource": "MISC",
"url": "https://www.mitel.com/support/security-advisories"
},
{
"name": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-20-0007",
"refsource": "CONFIRM",
"url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-20-0007"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-13617",
"datePublished": "2020-08-26T18:02:00",
"dateReserved": "2020-05-26T00:00:00",
"dateUpdated": "2024-08-04T12:25:16.097Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-18863 (GCVE-0-2019-18863)
Vulnerability from cvelistv5
Published
2020-03-02 17:52
Modified
2024-08-05 02:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
A key length vulnerability in the implementation of the SRTP 128-bit key on Mitel 6800 and 6900 SIP series phones, versions 5.1.0.2051 SP2 and earlier, could allow an attacker to launch a man-in-the-middle attack when SRTP is used in a call. A successful exploit may allow the attacker to intercept sensitive information.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.mitel.com/support/security-advisories | x_refsource_MISC | |
| https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-19-0006 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:02:39.895Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mitel.com/support/security-advisories"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-19-0006"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A key length vulnerability in the implementation of the SRTP 128-bit key on Mitel 6800 and 6900 SIP series phones, versions 5.1.0.2051 SP2 and earlier, could allow an attacker to launch a man-in-the-middle attack when SRTP is used in a call. A successful exploit may allow the attacker to intercept sensitive information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-02T17:52:37",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mitel.com/support/security-advisories"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-19-0006"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-18863",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A key length vulnerability in the implementation of the SRTP 128-bit key on Mitel 6800 and 6900 SIP series phones, versions 5.1.0.2051 SP2 and earlier, could allow an attacker to launch a man-in-the-middle attack when SRTP is used in a call. A successful exploit may allow the attacker to intercept sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.mitel.com/support/security-advisories",
"refsource": "MISC",
"url": "https://www.mitel.com/support/security-advisories"
},
{
"name": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-19-0006",
"refsource": "CONFIRM",
"url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-19-0006"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-18863",
"datePublished": "2020-03-02T17:52:37",
"dateReserved": "2019-11-11T00:00:00",
"dateUpdated": "2024-08-05T02:02:39.895Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}