Vulnerability Description
The Web UI component of Mitel MiVoice 6800 and 6900 series SIP Phones with firmware before 5.1.0.SP5 could allow an unauthenticated attacker to expose sensitive information due to improper memory handling during failed login attempts.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mitel | 6863 Firmware | <= 5.0 |
| Mitel | 6863 | - |
| Mitel | 6865 Firmware | <= 5.0 |
| Mitel | 6865 | - |
| Mitel | 6867 Firmware | <= 5.0 |
| Mitel | 6867 | - |
| Mitel | 6869 Firmware | <= 5.0 |
| Mitel | 6869 | - |
| Mitel | 6873 Firmware | <= 5.0 |
| Mitel | 6873 | - |
| Mitel | 6940 Firmware | <= 5.0 |
| Mitel | 6940 | - |
| Mitel | 6970 Firmware | <= 5.0 |
| Mitel | 6970 | - |
| Mitel | 6930 Firmware | <= 5.0 |
| Mitel | 6930 | - |
| Mitel | 6920 Firmware | <= 5.0 |
| Mitel | 6920 | - |
| Mitel | 6905 Firmware | <= 5.0 |
| Mitel | 6905 | - |
Related Weaknesses (CWE)
References
- https://www.mitel.com/support/security-advisoriesVendor Advisory
- https://www.mitel.com/support/security-advisories/mitel-product-security-advisorVendor Advisory
- https://www.mitel.com/support/security-advisoriesVendor Advisory
- https://www.mitel.com/support/security-advisories/mitel-product-security-advisorVendor Advisory
FAQ
What is CVE-2020-13617?
CVE-2020-13617 is a vulnerability with a CVSS score of 7.5 (HIGH). The Web UI component of Mitel MiVoice 6800 and 6900 series SIP Phones with firmware before 5.1.0.SP5 could allow an unauthenticated attacker to expose sensitive information due to improper memory hand...
How severe is CVE-2020-13617?
CVE-2020-13617 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-13617?
Check the references section above for vendor advisories and patch information. Affected products include: Mitel 6863 Firmware, Mitel 6863, Mitel 6865 Firmware, Mitel 6865, Mitel 6867 Firmware.