CVE-2019-18863

Published: Mar 2, 2020Modified: Nov 21, 2024

5.9

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.2 / Impact: 3.6

Source: NVD

Description

A key length vulnerability in the implementation of the SRTP 128-bit key on Mitel 6800 and 6900 SIP series phones, versions 5.1.0.2051 SP2 and earlier, could allow an attacker to launch a man-in-the-middle attack when SRTP is used in a call. A successful exploit may allow the attacker to intercept sensitive information.

Affected (24)

Products: Mitel: 6863i Firmware, 6865i Firmware, 6867i Firmware, 6869i Firmware, 6873i Firmware, 6920 Firmware, 6930 Firmware, 6940 Firmware

8 products

Configuration A

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitel 6863i Firmware	Before 5.1.0.2051
Mitel 6863i Firmware	Version 5.1.0.2051
Mitel 6863i Firmware	Version 5.1.0.2051 sp2_hf2

Running on/with	Platform Versions
Mitel 6863i	All versions

Configuration B

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitel 6865i Firmware	Before 5.1.0.2051
Mitel 6865i Firmware	Version 5.1.0.2051
Mitel 6865i Firmware	Version 5.1.0.2051 sp2_hf2

Running on/with	Platform Versions
Mitel 6865i	All versions

Configuration C

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitel 6867i Firmware	Before 5.1.0.2051
Mitel 6867i Firmware	Version 5.1.0.2051
Mitel 6867i Firmware	Version 5.1.0.2051 sp2_hf2

Running on/with	Platform Versions
Mitel 6867i	All versions

Configuration D

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitel 6869i Firmware	Before 5.1.0.2051
Mitel 6869i Firmware	Version 5.1.0.2051
Mitel 6869i Firmware	Version 5.1.0.2051 sp2_hf2

Running on/with	Platform Versions
Mitel 6869i	All versions

Configuration E

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitel 6873i Firmware	Before 5.1.0.2051
Mitel 6873i Firmware	Version 5.1.0.2051
Mitel 6873i Firmware	Version 5.1.0.2051 sp2_hf2

Running on/with	Platform Versions
Mitel 6873i	All versions

Configuration F

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitel 6920 Firmware	Before 5.1.0.2051
Mitel 6920 Firmware	Version 5.1.0.2051
Mitel 6920 Firmware	Version 5.1.0.2051 sp2_hf2

Running on/with	Platform Versions
Mitel 6920	All versions

Configuration G

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitel 6930 Firmware	Before 5.1.0.2051
Mitel 6930 Firmware	Version 5.1.0.2051
Mitel 6930 Firmware	Version 5.1.0.2051 sp2_hf2

Running on/with	Platform Versions
Mitel 6930	All versions

Configuration H

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitel 6940 Firmware	Before 5.1.0.2051
Mitel 6940 Firmware	Version 5.1.0.2051
Mitel 6940 Firmware	Version 5.1.0.2051 sp2_hf2

Running on/with	Platform Versions
Mitel 6940	All versions

Related CWEs

CWE-326

Inadequate Encryption Strength

The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

References (4)

https://www.mitel.com/support/security-advisories

Source: cve@mitre.org

Vendor Advisory

https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-19-0006

Source: cve@mitre.org

Vendor Advisory

https://www.mitel.com/support/security-advisories

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-19-0006

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.