PT-2020-16739 · Mitel · Mitel Mivoice 6940+1

Published: 2020-12-18 · Updated: 2020-12-22 · CVE-2020-27640

CVSS v3.1: 8.1 (High)

Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Mitel MiVoice 6940 and 6930 MiNet phones versions prior to 1.5.3

Description

The issue is related to an improper pairing mechanism in the Bluetooth handset of the affected phones. This could allow an unauthenticated attacker within Bluetooth range to pair a rogue Bluetooth device when a phone handset loses connection. A successful exploit could allow an attacker to eavesdrop on conversations.

Recommendations

For versions prior to 1.5.3, update the firmware to version 1.5.3 or later to resolve the issue. As a temporary workaround, consider restricting Bluetooth connectivity when not in use to minimize the risk of exploitation.


Related Identifiers

CVE-2020-27640

Affected Products

Mitel Mivoice 6930
Mitel Mivoice 6940