Vulnerability Details CVE-2019-18863
A key length vulnerability in the implementation of the SRTP 128-bit key on Mitel 6800 and 6900 SIP series phones, versions 5.1.0.2051 SP2 and earlier, could allow an attacker to launch a man-in-the-middle attack when SRTP is used in a call. A successful exploit may allow the attacker to intercept sensitive information.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 30.7%
CVSS Severity
CVSS v3 Score 5.9
CVSS v2 Score 4.3
References
Products affected by CVE-2019-18863
-
cpe:2.3:h:mitel:6863i:-
-
cpe:2.3:h:mitel:6865i:-
-
cpe:2.3:h:mitel:6867i:-
-
cpe:2.3:h:mitel:6869i:-
-
cpe:2.3:h:mitel:6873i:-
-
cpe:2.3:h:mitel:6920:-
-
cpe:2.3:h:mitel:6930:-
-
cpe:2.3:h:mitel:6940:-
-
cpe:2.3:o:mitel:6863i_firmware:*
-
cpe:2.3:o:mitel:6863i_firmware:5.1.0.2051
-
cpe:2.3:o:mitel:6865i_firmware:*
-
cpe:2.3:o:mitel:6865i_firmware:5.1.0.2051
-
cpe:2.3:o:mitel:6867i_firmware:*
-
cpe:2.3:o:mitel:6867i_firmware:5.1.0.2051
-
cpe:2.3:o:mitel:6869i_firmware:*
-
cpe:2.3:o:mitel:6869i_firmware:5.1.0.2051
-
cpe:2.3:o:mitel:6873i_firmware:*
-
cpe:2.3:o:mitel:6873i_firmware:5.1.0.2051
-
cpe:2.3:o:mitel:6920_firmware:-
-
cpe:2.3:o:mitel:6920_firmware:5.0
-
cpe:2.3:o:mitel:6920_firmware:5.1
-
cpe:2.3:o:mitel:6920_firmware:5.1.0.2051
-
cpe:2.3:o:mitel:6930_firmware:-
-
cpe:2.3:o:mitel:6930_firmware:5.0
-
cpe:2.3:o:mitel:6930_firmware:5.1
-
cpe:2.3:o:mitel:6930_firmware:5.1.0.2051
-
cpe:2.3:o:mitel:6940_firmware:-
-
cpe:2.3:o:mitel:6940_firmware:5.0
-
cpe:2.3:o:mitel:6940_firmware:5.1
-
cpe:2.3:o:mitel:6940_firmware:5.1.0.2051