VDB
CVE-2020-27639
CVE-2020-27639
PUBLISHED
CVSS 8.100000381469727 HIGH
The Bluetooth handset of Mitel MiVoice 6873i, 6930, and 6940 SIP phones with firmware before 5.1.0.SP6 could allow an unauthenticated attacker within Bluetooth range to pair a rogue Bluetooth device when a phone handset loses connection, due to an improper pairing mechanism. A successful exploit could allow an attacker to eavesdrop on conversations.
EPSS 0.29% · 52.0th percentile
Risk Scores
CVSS v3.1
8.100000381469727
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
EPSS Score
0.29%
52.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| mitel | 6873i_sip_firmware | 5.1.0, 0, 5.1.0 |
| mitel | 6940_sip_firmware | 5.1.0, 0, 5.1.0 |
| mitel | 6930_sip_firmware | 5.1.0, 0, 5.1.0 |
| n/a | n/a | * |
Timeline
- Nov 2, 2020 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 22, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 25, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 27, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 2, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Nov 5, 2022 EPSS Score
References
- https://www.mitel.com/support/security-advisories url
- https://nvd.nist.gov/vuln/detail/CVE-2020-27639 advisory
- https://www.mitel.com/fr-fr/support/avis-de-securite/mitel-product-security-advisory-20-0013 advisory
- https://www.mitel.com/fr-fr/support/avis-de-securite/mitel-product-security-advisory-20-0014 advisory