CVE-2019-18863
MEDIUMMitel 6800/6900 SIP <5.1.0.2051 SP2 - Man-In-The-Middle
Title source: llmDescription
A key length vulnerability in the implementation of the SRTP 128-bit key on Mitel 6800 and 6900 SIP series phones, versions 5.1.0.2051 SP2 and earlier, could allow an attacker to launch a man-in-the-middle attack when SRTP is used in a call. A successful exploit may allow the attacker to intercept sensitive information.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_misc
https://www.mitel.com/support/security-advisories
Vendor Advisory x_refsource_confirm
https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-19-0006
Scores
CVSS v3
5.9
EPSS
0.0051
EPSS Percentile
39.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-326
Status
published
Products (16)
mitel/6863i_firmware
5.1.0.2051 (2 CPE variants)
mitel/6863i_firmware
< 5.1.0.2051
mitel/6865i_firmware
5.1.0.2051 (2 CPE variants)
mitel/6865i_firmware
< 5.1.0.2051
mitel/6867i_firmware
5.1.0.2051 (2 CPE variants)
mitel/6867i_firmware
< 5.1.0.2051
mitel/6869i_firmware
5.1.0.2051 (2 CPE variants)
mitel/6869i_firmware
< 5.1.0.2051
mitel/6873i_firmware
5.1.0.2051 (2 CPE variants)
mitel/6873i_firmware
< 5.1.0.2051
... and 6 more
Published
Mar 02, 2020
Tracked Since
Feb 18, 2026