A key length vulnerability in the implementation of the SRTP 128-bit key on Mitel 6800 and 6900 SIP series phones, versions 5.1.0.2051 SP2 and earlier, could allow an attacker to launch a man-in-the-middle attack when SRTP is used in a call. A successful exploit may allow the attacker to intercept sensitive information.

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:N/A:N
Vendors Products
Mitel
  • 6920 Firmware
  • 6865i Firmware
  • 6863i
  • 6940 Firmware
  • 6940
  • 6930 Firmware
  • 6865i
  • 6867i
  • 6869i Firmware
  • 6873i Firmware
  • 6873i
  • 6869i
  • 6930
  • 6920
  • 6867i Firmware
  • 6863i Firmware

Configuration 1 [-]

AND
OR cpe:2.3:o:mitel:6863i_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:mitel:6863i_firmware:5.1.0.2051:-:*:*:*:*:*:*
cpe:2.3:o:mitel:6863i_firmware:5.1.0.2051:sp2_hf2:*:*:*:*:*:*
cpe:2.3:h:mitel:6863i:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND
OR cpe:2.3:o:mitel:6865i_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:mitel:6865i_firmware:5.1.0.2051:-:*:*:*:*:*:*
cpe:2.3:o:mitel:6865i_firmware:5.1.0.2051:sp2_hf2:*:*:*:*:*:*
cpe:2.3:h:mitel:6865i:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND
OR cpe:2.3:o:mitel:6867i_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:mitel:6867i_firmware:5.1.0.2051:-:*:*:*:*:*:*
cpe:2.3:o:mitel:6867i_firmware:5.1.0.2051:sp2_hf2:*:*:*:*:*:*
cpe:2.3:h:mitel:6867i:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND
OR cpe:2.3:o:mitel:6869i_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:mitel:6869i_firmware:5.1.0.2051:-:*:*:*:*:*:*
cpe:2.3:o:mitel:6869i_firmware:5.1.0.2051:sp2_hf2:*:*:*:*:*:*
cpe:2.3:h:mitel:6869i:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND
OR cpe:2.3:o:mitel:6873i_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:mitel:6873i_firmware:5.1.0.2051:-:*:*:*:*:*:*
cpe:2.3:o:mitel:6873i_firmware:5.1.0.2051:sp2_hf2:*:*:*:*:*:*
cpe:2.3:h:mitel:6873i:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND
OR cpe:2.3:o:mitel:6920_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:mitel:6920_firmware:5.1.0.2051:-:*:*:*:*:*:*
cpe:2.3:o:mitel:6920_firmware:5.1.0.2051:sp2_hf2:*:*:*:*:*:*
cpe:2.3:h:mitel:6920:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND
OR cpe:2.3:o:mitel:6930_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:mitel:6930_firmware:5.1.0.2051:-:*:*:*:*:*:*
cpe:2.3:o:mitel:6930_firmware:5.1.0.2051:sp2_hf2:*:*:*:*:*:*
cpe:2.3:h:mitel:6930:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND
OR cpe:2.3:o:mitel:6940_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:mitel:6940_firmware:5.1.0.2051:-:*:*:*:*:*:*
cpe:2.3:o:mitel:6940_firmware:5.1.0.2051:sp2_hf2:*:*:*:*:*:*
cpe:2.3:h:mitel:6940:-:*:*:*:*:*:*:*
References
Link Resource
https://www.mitel.com/support/security-advisories Vendor Advisory
https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-19-0006 Vendor Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2020-03-02T17:52:37

Updated: 2020-03-02T17:52:37

Reserved: 2019-11-11T00:00:00

Link: CVE-2019-18863

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2020-03-02T18:15:10.667

Modified: 2021-07-21T11:39:23.747

Link: CVE-2019-18863

JSON object: View

cve-icon Redhat Information

No data.

CWE