CVE-2020-13617

high-risk
Published 2020-08-26

The Web UI component of Mitel MiVoice 6800 and 6900 series SIP Phones with firmware before 5.1.0.SP5 could allow an unauthenticated attacker to expose sensitive information due to improper memory handling during failed login attempts.

Do I need to act?

-
0.25% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10 High
NETWORK / LOW complexity

Affected Products (20)

6863 Firmware
6863 Firmware
6863 Firmware
6863 Firmware
6863 Firmware
6863 Firmware
6865 Firmware
6865 Firmware
6865 Firmware
6865 Firmware
6865 Firmware
6865 Firmware
6867 Firmware
6867 Firmware
6867 Firmware
6867 Firmware
6867 Firmware
6867 Firmware
6869 Firmware
6869 Firmware

Affected Vendors

Mitel

References (4)

Vendor Advisory https://www.mitel.com/support/security-advisories
Vendor Advisory https://www.mitel.com/support/security-advisories/mitel-product-security-advisor...
Vendor Advisory https://www.mitel.com/support/security-advisories
Vendor Advisory https://www.mitel.com/support/security-advisories/mitel-product-security-advisor...
54
/ 100
high-risk
Severity 26/34 · High
Exploitability 1/34 · Minimal
Exposure 27/34 · High