HIGH · 8.1

CVE-2020-27639

Vulnerability Description

The Bluetooth handset of Mitel MiVoice 6873i, 6930, and 6940 SIP phones with firmware before 5.1.0.SP6 could allow an unauthenticated attacker within Bluetooth range to pair a rogue Bluetooth device when a phone handset loses connection, due to an improper pairing mechanism. A successful exploit could allow an attacker to eavesdrop on conversations.

CVSS Score

8.1

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Attack Vector: ADJACENT_NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: HIGH
Integrity: NONE
Availability: HIGH

Affected Products

Vendor | Product | Versions
Mitel | 6873I Sip Firmware | < 5.1.0
Mitel | 6873I Sip | -
Mitel | 6930 Sip Firmware | < 5.1.0
Mitel | 6930 Sip | -
Mitel | 6940 Sip Firmware | < 5.1.0
Mitel | 6940 Sip | -

References

FAQ

What is CVE-2020-27639?

CVE-2020-27639 is a vulnerability with a CVSS score of 8.1 (HIGH). The Bluetooth handset of Mitel MiVoice 6873i, 6930, and 6940 SIP phones with firmware before 5.1.0.SP6 could allow an unauthenticated attacker within Bluetooth range to pair a rogue Bluetooth device w...

How severe is CVE-2020-27639?

CVE-2020-27639 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-27639?

Check the references section above for vendor advisories and patch information. Affected products include: Mitel 6873I Sip Firmware, Mitel 6873I Sip, Mitel 6930 Sip Firmware, Mitel 6930 Sip, Mitel 6940 Sip Firmware.