CVE-2020-27640
First published: Fri Dec 18 2020(Updated: )
The Bluetooth handset of Mitel MiVoice 6940 and 6930 MiNet phones with firmware before 1.5.3 could allow an unauthenticated attacker within Bluetooth range to pair a rogue Bluetooth device when a phone handset loses connection, due to an improper pairing mechanism. A successful exploit could allow an attacker to eavesdrop on conversations.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mitel 6940w SIP Firmware | <1.5.3 | |
| Mitel 6940 SIP | ||
| Mitel MiVoice 6930 | <1.5.3 | |
| Mitel MiVoice 6930 firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2020-27640.
What is the severity level of CVE-2020-27640?
The severity level of CVE-2020-27640 is high.
Which Mitel phone models are affected by CVE-2020-27640?
The Mitel MiVoice 6940 and 6930 MiNet phones are affected by CVE-2020-27640.
What is the firmware version affected by CVE-2020-27640?
The firmware version before 1.5.3 of Mitel MiVoice 6940 and 6930 MiNet phones is affected by CVE-2020-27640.
How can an attacker exploit CVE-2020-27640?
An unauthenticated attacker within Bluetooth range can pair a rogue Bluetooth device when a phone handset loses connection, due to an improper pairing mechanism, exploiting CVE-2020-27640.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/severity
- agent/author
- agent/last-modified-date
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/mitel
- canonical/mitel 6940w sip firmware
- canonical/mitel 6940 sip
- canonical/mitel mivoice 6930
- canonical/mitel mivoice 6930 firmware