Vulnerability Details CVE-2020-27640
The Bluetooth handset of Mitel MiVoice 6940 and 6930 MiNet phones with firmware before 1.5.3 could allow an unauthenticated attacker within Bluetooth range to pair a rogue Bluetooth device when a phone handset loses connection, due to an improper pairing mechanism. A successful exploit could allow an attacker to eavesdrop on conversations.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 51.5%
CVSS Severity
CVSS v3 Score 8.1
CVSS v2 Score 4.8
References
Products affected by CVE-2020-27640
-
cpe:2.3:h:mitel:mivoice_6930:-
-
cpe:2.3:h:mitel:mivoice_6940:-
-
cpe:2.3:o:mitel:mivoice_6930_firmware:-
-
cpe:2.3:o:mitel:mivoice_6930_firmware:1.5.2
-
cpe:2.3:o:mitel:mivoice_6940_firmware:-
-
cpe:2.3:o:mitel:mivoice_6940_firmware:1.5.2