Vulnerability Description
The Bluetooth handset of Mitel MiVoice 6940 and 6930 MiNet phones with firmware before 1.5.3 could allow an unauthenticated attacker within Bluetooth range to pair a rogue Bluetooth device when a phone handset loses connection, due to an improper pairing mechanism. A successful exploit could allow an attacker to eavesdrop on conversations.
CVSS Score
8.1 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mitel | MiVoice 6940 Firmware | < 1.5.3 |
| Mitel | MiVoice 6940 | - |
| Mitel | MiVoice 6930 Firmware | < 1.5.3 |
| Mitel | MiVoice 6930 | - |
References
- https://www.mitel.com/support/security-advisories (Vendor Advisory)
FAQ
What is CVE-2020-27640?
CVE-2020-27640 is a vulnerability with a CVSS score of 8.1 (HIGH). The Bluetooth handset of Mitel MiVoice 6940 and 6930 MiNet phones with firmware before 1.5.3 could allow an unauthenticated attacker within Bluetooth range to pair a rogue Bluetooth device when a phon...
How severe is CVE-2020-27640?
CVE-2020-27640 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2020-27640?
Check the references section above for vendor advisories and patch information. Affected products include: Mitel MiVoice 6940 Firmware, Mitel MiVoice 6940, Mitel MiVoice 6930 Firmware, Mitel MiVoice 6930.