Americas
Oceania
Advisory ID: 20-0007
Publish Date: 2020-06-02
Last Updated: 2020-06-02
Revision: 1.0
The Web UI component of Mitel MiVoice 6800 and 6900 series SIP Phones firmware could allow an unauthenticated attacker to expose sensitive information due to improper memory handling during failed login attempts. A successful exploit could allow an attacker to gain access to sensitive information.
Risk may be significantly reduced by ensuring that Mitel MiVoice SIP Phones are deployed in well protected networks.
Credit is given to Matthew Byrdwell, an Independent Security Researcher, for highlighting this issue and bringing this to our attention.
Mitel is recommending customers with affected product versions, update to the latest release.
Product Name | Product Version | Security Bulletin | Last Updated |
---|---|---|---|
Mitel MiVoice 6800 and 6900 series SIP Phones | Firmware versions 5.1.0 SP4 and earlier | 2020-06-03 |
The risk for this vulnerability is rated as High. Refer to the product Security Bulletins for additional statements regarding risk.
Mitel has issued new releases of the affected software. Customers are advised to update their software to the latest versions.
Customers are advised to review the product Security Bulletin. For additional information, contact Product Support.
Version | Date | Description |
---|---|---|
1.0 | 2020-06-05 | Initial version |