A key length vulnerability in the implementation of the SRTP 128-bit key on Mitel 6800 and 6900 SIP series phones, versions 5.1.0.2051 SP2 and earlier, could allow an attacker to launch a man-in-the-middle attack when SRTP is used in a call. A successful exploit may allow the attacker to intercept sensitive information.
References
| Link | Resource |
|---|---|
| https://www.mitel.com/support/security-advisories | Vendor Advisory |
| https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-19-0006 | Vendor Advisory |
Configurations
Configuration 1 (hide)
| AND |
|
Configuration 2 (hide)
| AND |
|
Configuration 3 (hide)
| AND |
|
Configuration 4 (hide)
| AND |
|
Configuration 5 (hide)
| AND |
|
Configuration 6 (hide)
| AND |
|
Configuration 7 (hide)
| AND |
|
Configuration 8 (hide)
| AND |
|
History
No history.
Information
Published : 2020-03-02 18:15
Updated : 2023-12-10 13:13
NVD link : CVE-2019-18863
Mitre link : CVE-2019-18863
CVE.ORG link : CVE-2019-18863
JSON object : View
Products Affected
mitel
- 6920
- 6873i_firmware
- 6920_firmware
- 6930
- 6863i
- 6863i_firmware
- 6930_firmware
- 6865i
- 6940_firmware
- 6867i
- 6865i_firmware
- 6869i_firmware
- 6940
- 6869i
- 6873i
- 6867i_firmware
CWE
CWE-326
Inadequate Encryption Strength