Vulnerability Details CVE-2020-27639
The Bluetooth handset of Mitel MiVoice 6873i, 6930, and 6940 SIP phones with firmware before 5.1.0.SP6 could allow an unauthenticated attacker within Bluetooth range to pair a rogue Bluetooth device when a phone handset loses connection, due to an improper pairing mechanism. A successful exploit could allow an attacker to eavesdrop on conversations.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 51.5%
CVSS Severity
CVSS v3 Score 8.1
CVSS v2 Score 4.8
References
Products affected by CVE-2020-27639
-
cpe:2.3:h:mitel:6873i_sip:-
-
cpe:2.3:h:mitel:6930_sip:-
-
cpe:2.3:h:mitel:6940_sip:-
-
cpe:2.3:o:mitel:6873i_sip_firmware:-
-
cpe:2.3:o:mitel:6873i_sip_firmware:5.0.0
-
cpe:2.3:o:mitel:6873i_sip_firmware:5.1.0
-
cpe:2.3:o:mitel:6930_sip_firmware:-
-
cpe:2.3:o:mitel:6930_sip_firmware:5.0.0
-
cpe:2.3:o:mitel:6930_sip_firmware:5.1.0
-
cpe:2.3:o:mitel:6940_sip_firmware:-
-
cpe:2.3:o:mitel:6940_sip_firmware:5.0.0
-
cpe:2.3:o:mitel:6940_sip_firmware:5.1.0