// For flags

CVE-2020-27640

 

Severity Score

8.1
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The Bluetooth handset of Mitel MiVoice 6940 and 6930 MiNet phones with firmware before 1.5.3 could allow an unauthenticated attacker within Bluetooth range to pair a rogue Bluetooth device when a phone handset loses connection, due to an improper pairing mechanism. A successful exploit could allow an attacker to eavesdrop on conversations.

El auricular Bluetooth de los teléfonos Mitel MiVoice 6940 y 6930 MiNet con versiones de firmware anteriores a 1.5.3, podría permitir a un atacante no autenticado dentro del alcance de Bluetooth emparejar un dispositivo Bluetooth fraudulento cuando un teléfono pierde la conexión debido a un mecanismo de emparejamiento inapropiado. Un explotación con éxito podría permitir a un atacante espiar conversaciones

*Credits: N/A
CVSS Scores
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
High
Attack Vector
Adjacent
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2020-10-22 CVE Reserved
  • 2020-12-18 CVE Published
  • 2023-09-03 EPSS Updated
  • 2024-08-04 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
CAPEC
References (1)
URL Tag Source
URL Date SRC
URL Date SRC
URL Date SRC
https://www.mitel.com/support/security-advisories 2020-12-22
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Mitel
Search vendor "Mitel"
 Mivoice 6940 Firmware
Search vendor "Mitel" for product "Mivoice 6940 Firmware"
 < 1.5.3
Search vendor "Mitel" for product "Mivoice 6940 Firmware" and version " < 1.5.3"
-
Affected
in Mitel
Search vendor "Mitel"
 Mivoice 6940
Search vendor "Mitel" for product "Mivoice 6940"
--
Safe
Mitel
Search vendor "Mitel"
 Mivoice 6930 Firmware
Search vendor "Mitel" for product "Mivoice 6930 Firmware"
 < 1.5.3
Search vendor "Mitel" for product "Mivoice 6930 Firmware" and version " < 1.5.3"
-
Affected
in Mitel
Search vendor "Mitel"
 Mivoice 6930
Search vendor "Mitel" for product "Mivoice 6930"
--
Safe