Vulnerability Description
A key length vulnerability in the implementation of the SRTP 128-bit key on Mitel 6800 and 6900 SIP series phones, versions 5.1.0.2051 SP2 and earlier, could allow an attacker to launch a man-in-the-middle attack when SRTP is used in a call. A successful exploit may allow the attacker to intercept sensitive information.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mitel | 6863I Firmware | < 5.1.0.2051 |
| Mitel | 6863I | - |
| Mitel | 6865I Firmware | < 5.1.0.2051 |
| Mitel | 6865I | - |
| Mitel | 6867I Firmware | < 5.1.0.2051 |
| Mitel | 6867I | - |
| Mitel | 6869I Firmware | < 5.1.0.2051 |
| Mitel | 6869I | - |
| Mitel | 6873I Firmware | < 5.1.0.2051 |
| Mitel | 6873I | - |
| Mitel | 6920 Firmware | < 5.1.0.2051 |
| Mitel | 6920 | - |
| Mitel | 6930 Firmware | < 5.1.0.2051 |
| Mitel | 6930 | - |
| Mitel | 6940 Firmware | < 5.1.0.2051 |
| Mitel | 6940 | - |
Related Weaknesses (CWE)
References
- https://www.mitel.com/support/security-advisories (Vendor Advisory)
- https://www.mitel.com/support/security-advisories/mitel-product-security-advisor (Vendor Advisory)
FAQ
What is CVE-2019-18863?
CVE-2019-18863 is a vulnerability with a CVSS score of 5.9 (MEDIUM). A key length vulnerability in the implementation of the SRTP 128-bit key on Mitel 6800 and 6900 SIP series phones, versions 5.1.0.2051 SP2 and earlier, could allow an attacker to launch a man-in-the-m...
How severe is CVE-2019-18863?
CVE-2019-18863 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-18863?
Check the references section above for vendor advisories and patch information. Affected products include: Mitel 6863I Firmware, Mitel 6863I, Mitel 6865I Firmware, Mitel 6865I, Mitel 6867I Firmware.