Americas
Oceania
+32 2727 1811
+32 2727 1811
Contact Center
Samenwerken
Zakelijke telefoonsystemen
Devices & accessoires
Vragen of opmerkingen?
+32 2727 1811
Uw zakelijke behoefte
Uw branche
Organisatiegrootte
Onze diensten
Onze producten
Support voor klanten
Partner support
Training
Contact
Blog
Over Mitel
Vacatures
Case studies
Resource center
Locatie: België (NL)
Advisory ID: 20-0014
Publish Date: 2020-11-02
Last Updated: 2020-11-02
Revision: 1.0
Bluetooth enabled handsets of Mitel MiVoice 6940, 6930 and 6873i SIP and MiNet phones could allow an unauthenticated attacker within Bluetooth range to pair a rogue Bluetooth device when the phone handset loses connection. This is possible due to an improper pairing mechanism. A successful exploit could allow an attacker to eavesdrop on conversations.
Mitel is recommending customers with affected product versions to update to the latest release.
Product Name | Product Version | Security Bulletin | Last Updated |
---|---|---|---|
Mitel MiVoice 6873i, 6930 and 6940 SIP phones |
Firmware versions 5.1.0 SP5 and earlier | 20-0014-001 | 2020-11-02 |
Mitel MiVoice 6930 and 6940 MiNet phones | Firmware versions 1.5.2 SP1 and earlier | 20-0014-002 | 2020-11-02 |
Mitel has issued new releases of the affected software. Customers are advised to update their software to the latest versions.
To successfully exploit this vulnerability the attacker’s device must be in proximity (within Bluetooth range) of two vulnerable Bluetooth devices. In addition, the attacker must successfully execute a Man-in-the-Middle attack within a narrow time window while both vulnerable devices are initiating Bluetooth pairing.
Customers are advised to review the product Security Bulletin. For additional information, contact Product Support.
CVE-2020-27639
CVE-2020-27640
Version | Date | Description |
---|---|---|
1.0 | 2020-11-02 | Initial version |