First published: Mon Mar 02 2020
A key length vulnerability in the implementation of the SRTP 128-bit key on Mitel 6800 and 6900 SIP series phones, versions 5.1.0.2051 SP2 and earlier, could allow an attacker to launch a man-in-the-middle attack when SRTP is used in a call. A successful exploit may allow the attacker to intercept sensitive information.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Mitel 6863i Firmware | <5.1.0.2051 | |
Mitel 6863i Firmware | =5.1.0.2051 | |
Mitel 6863i Firmware | =5.1.0.2051-sp2_hf2 | |
Mitel 6863i | | |
Mitel 6865i Firmware | <5.1.0.2051 | |
Mitel 6865i Firmware | =5.1.0.2051 | |
Mitel 6865i Firmware | =5.1.0.2051-sp2_hf2 | |
Mitel 6865i | | |
Mitel 6867i Firmware | <5.1.0.2051 | |
Mitel 6867i Firmware | =5.1.0.2051 | |
Mitel 6867i Firmware | =5.1.0.2051-sp2_hf2 | |
Mitel 6867i | | |
Mitel 6869i Firmware | <5.1.0.2051 | |
Mitel 6869i Firmware | =5.1.0.2051 | |
Mitel 6869i Firmware | =5.1.0.2051-sp2_hf2 | |
Mitel 6869i | | |
Mitel 6873i Firmware | <5.1.0.2051 | |
Mitel 6873i Firmware | =5.1.0.2051 | |
Mitel 6873i Firmware | =5.1.0.2051-sp2_hf2 | |
Mitel 6873i | | |
Mitel 6920 Firmware | <5.1.0.2051 | |
Mitel 6920 Firmware | =5.1.0.2051 | |
Mitel 6920 Firmware | =5.1.0.2051-sp2_hf2 | |
Mitel 6920 | | |
Mitel 6930 Firmware | <5.1.0.2051 | |
Mitel 6930 Firmware | =5.1.0.2051 | |
Mitel 6930 Firmware | =5.1.0.2051-sp2_hf2 | |
Mitel 6930 | | |
Mitel 6940 Firmware | <5.1.0.2051 | |
Mitel 6940 Firmware | =5.1.0.2051 | |
Mitel 6940 Firmware | =5.1.0.2051-sp2_hf2 | |
Mitel 6940 | | |
CVE-2019-18863 is a key length vulnerability in the implementation of the SRTP 128-bit key on Mitel 6800 and 6900 SIP series phones, versions 5.1.0.2051 SP2 and earlier.
CVE-2019-18863 allows an attacker to launch a man-in-the-middle attack when SRTP is used in a call.
CVE-2019-18863 has a severity rating of 5.9 (medium).
To fix CVE-2019-18863, update Mitel 6800 and 6900 SIP series phones to version 5.1.0.2051 SP2 or later.
You can find more information about CVE-2019-18863 on the Mitel support website.