Americas
Europe
Oceania
+41 32 655 33 33
+41 32 655 33 33
+41 32 655 33 33
Applications pour centre d'appels
Logiciel de collaboration
Systèmes de téléphonie professionnel
Appareils et accessoires
Avez-vous des questions ou des commentaires ?
+41 32 655 33 33
Votre besoin d'affaires
Votre industrie
La taille de votre entreprise
Nos services
Nos produits
Service client
Formation client
Assistance aux partenaires
Contactez nos commerciaux
Avez-vous des questions ou des commentaires ?
+41 32 655 33 33
Blog
À propos de Mitel
Carriere
Cas clients
Centre de ressources
Emplacements: Suisse (FR)
Advisory ID: 20-0013
Publish Date: 2020-11-02
Last Updated: 2020-11-02
Revision: 1.0
Bluetooth enabled Mitel MiVoice 6940, 6930 and 6873i SIP and MiNet phones could allow an attacker to conduct brute-force attacks, which is also known as a “KNOB” attack. If successful, this attack can decrypt and eavesdrop on communications. This is due to Bluetooth industry specifications that allowed low encryption key length and does not prevent an attacker from influencing the key length negotiation between two Bluetooth devices.
This vulnerability was discovered by security researchers and potentially affects all Bluetooth devices. To address this vulnerability, the Bluetooth specifications have been updated by the industry consortium, Bluetooth SIG (Special Interest Group). Mitel has implemented these updated specifications in affected products listed below.
Mitel is recommending customers with affected product versions to update to the latest release.
Security Bulletins are being issued for the following products:
Product Name | Product Version | Security Bulletin | Last Updated |
---|---|---|---|
Mitel MiVoice 6873i, 6930 and 6940 SIP phones |
Firmware versions 5.1.0 SP5 and earlier | 20-0013-001 | 2020-11-02 |
Mitel MiVoice 6930 and 6940 MiNet phones | Firmware versions 1.5.2 SP1 and earlier | 20-0013-002 | 2020-11-02 |
Mitel 632v2 and 622v2 DECT phones | Firmware versions 7.4.0 and earlier | 20-0013-003 | 2020-11-02 |
Mitel has issued new releases of the affected software. Customers are advised to update their software to the latest versions.
To successfully exploit this vulnerability the attacker’s device must be in proximity (within Bluetooth range) of two vulnerable Bluetooth devices. In addition, the attacker must successfully execute a Man-in-the-Middle attack within a narrow time window while both vulnerable devices are initiating Bluetooth pairing.
Customers are advised to review the product Security Bulletin. For additional information, contact Product Support.
CVE-2019-9506
VU#918987
Version | Date | Description |
---|---|---|
1.0 | 2020-11-02 | Initial version |