LOGIN PORTAL
Americas
Europe
Oceania
Business Phone Systems
Collaboration
Contact Center
Phones & Accessories
Apps & Developers
Your Business Need
Your Industry
Your Business Size
Our Services
Our Products
Blog
About Mitel
Careers
Customer Success
Resource Center
Location: United Kingdom
Advisory ID: 20-0007
Publish Date: 2020-06-02
Last Updated: 2020-06-02
Revision: 1.0
The Web UI component of Mitel MiVoice 6800 and 6900 series SIP Phones firmware could allow an unauthenticated attacker to expose sensitive information due to improper memory handling during failed login attempts. A successful exploit could allow an attacker to gain access to sensitive information.
Risk may be significantly reduced by ensuring that Mitel MiVoice SIP Phones are deployed in well protected networks.
Credit is given to Matthew Byrdwell, an Independent Security Researcher, for highlighting this issue and bringing this to our attention.
Mitel is recommending customers with affected product versions, update to the latest release.
Product Name | Product Version | Security Bulletin | Last Updated |
---|---|---|---|
Mitel MiVoice 6800 and 6900 series SIP Phones | Firmware versions 5.1.0 SP4 and earlier | 2020-06-03 |
The risk for this vulnerability is rated as High. Refer to the product Security Bulletins for additional statements regarding risk.
Mitel has issued new releases of the affected software. Customers are advised to update their software to the latest versions.
Customers are advised to review the product Security Bulletin. For additional information, contact Product Support.
Version | Date | Description |
---|---|---|
1.0 | 2020-06-05 | Initial version |