CVE-2003-20001

MEDIUM

Mitel ICP VoIP 3100 - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2003-20001. PoCs published by Andrea Intilangelo.

AI-analyzed exploit summary This is a writeup describing an information disclosure vulnerability in Mitel's VoIP server (mitel-cs018) where call data is leaked during authentication attempts. The exploit demonstrates how telephone numbers and call details are exposed when a call occurs during login.

Description

An issue was discovered on Mitel ICP VoIP 3100 devices. When a remote user attempts to log in via TELNET during the login wait time and an external call comes in, the system incorrectly divulges information about the call and any SMDR records generated by the system. The information provided includes the service type, extension number and other parameters, related to the call activity.

Exploits (1)

exploitdb WRITEUP
by Andrea Intilangelo · textremotelinux
https://www.exploit-db.com/exploits/49176

This is a writeup describing an information disclosure vulnerability in Mitel's VoIP server (mitel-cs018) where call data is leaked during authentication attempts. The exploit demonstrates how telephone numbers and call details are exposed when a call occurs during login.

Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Mitel mitel-cs018
No auth needed
Prerequisites: Network access to the Mitel VoIP server · Active call during authentication attempt
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Various Sources
https://rb.gy/1smt22
Exploit, Third Party Advisory
https://www.exploit-db.com/exploits/49176

Scores

CVSS v3 5.6
EPSS 0.0133
EPSS Percentile 67.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-200
Status published
Published Apr 01, 2025
Tracked Since Feb 18, 2026