Vulnerability in Mitel 6863
CVE-2020-13617
The Web UI component of Mitel MiVoice 6800 and 6900 series SIP Phones with firmware before 5.1.0.SP5 could allow an unauthenticated attacker to expose sensitive information due to improper memory handling during failed login attempts.
EPSS: 0.013 (67.4th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.
Affected products
- Mitel 6863
- Mitel 6863_firmware — versions 5.1
- Mitel 6865
- Mitel 6865_firmware — versions 5.1
- Mitel 6867
- Mitel 6867_firmware — versions 5.1
- Mitel 6869
- Mitel 6869_firmware — versions 5.1
- Mitel 6873
- Mitel 6873_firmware — versions 5.1
Weakness classification (CWE)
References
- cve@mitre.org (x_refsource_MISC, Vendor Advisory)
- cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
Frequently asked questions
- What is CVE-2020-13617?
- CVE-2020-13617 is a high-severity vulnerability in Mitel 6863, classified under Improper Restriction of Excessive Authentication Attempts. CVSS score: 7.5/10. Published 2020-08-26.
- How severe is CVE-2020-13617?
- High severity. CVSS v3 base score is 7.5 out of 10.