PT-2020-16738 · Mitel · Mitel Mivoice 6873I+2

Published 2020-12-18 · Updated 2020-12-21 · CVE-2020-27639

CVSS v3.1: 8.1 High

Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Mitel MiVoice 6873i versions prior to 5.1.0.SP6
Mitel MiVoice 6930 versions prior to 5.1.0.SP6
Mitel MiVoice 6940 versions prior to 5.1.0.SP6

Description

The Bluetooth handset could allow an unauthenticated attacker within Bluetooth range to pair a rogue Bluetooth device when a phone handset loses connection, due to an improper pairing mechanism. A successful exploit could allow an attacker to eavesdrop on conversations.

Recommendations

For Mitel MiVoice 6873i, 6930, and 6940 SIP phones with firmware before 5.1.0.SP6, update the firmware to version 5.1.0.SP6 or later to resolve the issue. As a temporary workaround, consider disabling the Bluetooth pairing mechanism on the handsets until a patch is available. Restrict access to the Bluetooth range of the handsets to minimize the risk of exploitation.

Fix

Related Identifiers

CVE-2020-27639

Affected Products

Mitel Mivoice 6873I
Mitel Mivoice 6930
Mitel Mivoice 6940