CVE-2020-13617

The Web UI component of Mitel MiVoice 6800 and 6900 series SIP Phones with firmware before 5.1.0.SP5 could allow an unauthenticated attacker to expose sensitive information due to improper memory handling during failed login attempts.
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:mitel:6863_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:mitel:6863_firmware:5.1:-:*:*:*:*:*:*
cpe:2.3:o:mitel:6863_firmware:5.1:sp1:*:*:*:*:*:*
cpe:2.3:o:mitel:6863_firmware:5.1:sp2:*:*:*:*:*:*
cpe:2.3:o:mitel:6863_firmware:5.1:sp3:*:*:*:*:*:*
cpe:2.3:o:mitel:6863_firmware:5.1:sp4:*:*:*:*:*:*
cpe:2.3:h:mitel:6863:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
OR cpe:2.3:o:mitel:6865_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:mitel:6865_firmware:5.1:-:*:*:*:*:*:*
cpe:2.3:o:mitel:6865_firmware:5.1:sp1:*:*:*:*:*:*
cpe:2.3:o:mitel:6865_firmware:5.1:sp2:*:*:*:*:*:*
cpe:2.3:o:mitel:6865_firmware:5.1:sp3:*:*:*:*:*:*
cpe:2.3:o:mitel:6865_firmware:5.1:sp4:*:*:*:*:*:*
cpe:2.3:h:mitel:6865:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
OR cpe:2.3:o:mitel:6867_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:mitel:6867_firmware:5.1:-:*:*:*:*:*:*
cpe:2.3:o:mitel:6867_firmware:5.1:sp1:*:*:*:*:*:*
cpe:2.3:o:mitel:6867_firmware:5.1:sp2:*:*:*:*:*:*
cpe:2.3:o:mitel:6867_firmware:5.1:sp3:*:*:*:*:*:*
cpe:2.3:o:mitel:6867_firmware:5.1:sp4:*:*:*:*:*:*
cpe:2.3:h:mitel:6867:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
OR cpe:2.3:o:mitel:6869_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:mitel:6869_firmware:5.1:-:*:*:*:*:*:*
cpe:2.3:o:mitel:6869_firmware:5.1:sp1:*:*:*:*:*:*
cpe:2.3:o:mitel:6869_firmware:5.1:sp2:*:*:*:*:*:*
cpe:2.3:o:mitel:6869_firmware:5.1:sp3:*:*:*:*:*:*
cpe:2.3:o:mitel:6869_firmware:5.1:sp4:*:*:*:*:*:*
cpe:2.3:h:mitel:6869:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
OR cpe:2.3:o:mitel:6873_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:mitel:6873_firmware:5.1:-:*:*:*:*:*:*
cpe:2.3:o:mitel:6873_firmware:5.1:sp1:*:*:*:*:*:*
cpe:2.3:o:mitel:6873_firmware:5.1:sp2:*:*:*:*:*:*
cpe:2.3:o:mitel:6873_firmware:5.1:sp3:*:*:*:*:*:*
cpe:2.3:o:mitel:6873_firmware:5.1:sp4:*:*:*:*:*:*
cpe:2.3:h:mitel:6873:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
OR cpe:2.3:o:mitel:6940_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:mitel:6940_firmware:5.1:-:*:*:*:*:*:*
cpe:2.3:o:mitel:6940_firmware:5.1:sp1:*:*:*:*:*:*
cpe:2.3:o:mitel:6940_firmware:5.1:sp2:*:*:*:*:*:*
cpe:2.3:o:mitel:6940_firmware:5.1:sp3:*:*:*:*:*:*
cpe:2.3:o:mitel:6940_firmware:5.1:sp4:*:*:*:*:*:*
cpe:2.3:h:mitel:6940:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
OR cpe:2.3:o:mitel:6970_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:mitel:6970_firmware:5.1:-:*:*:*:*:*:*
cpe:2.3:o:mitel:6970_firmware:5.1:sp1:*:*:*:*:*:*
cpe:2.3:o:mitel:6970_firmware:5.1:sp2:*:*:*:*:*:*
cpe:2.3:o:mitel:6970_firmware:5.1:sp3:*:*:*:*:*:*
cpe:2.3:o:mitel:6970_firmware:5.1:sp4:*:*:*:*:*:*
cpe:2.3:h:mitel:6970:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
OR cpe:2.3:o:mitel:6930_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:mitel:6930_firmware:5.1:-:*:*:*:*:*:*
cpe:2.3:o:mitel:6930_firmware:5.1:sp1:*:*:*:*:*:*
cpe:2.3:o:mitel:6930_firmware:5.1:sp2:*:*:*:*:*:*
cpe:2.3:o:mitel:6930_firmware:5.1:sp3:*:*:*:*:*:*
cpe:2.3:o:mitel:6930_firmware:5.1:sp4:*:*:*:*:*:*
cpe:2.3:h:mitel:6930:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
OR cpe:2.3:o:mitel:6920_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:mitel:6920_firmware:5.1:-:*:*:*:*:*:*
cpe:2.3:o:mitel:6920_firmware:5.1:sp1:*:*:*:*:*:*
cpe:2.3:o:mitel:6920_firmware:5.1:sp2:*:*:*:*:*:*
cpe:2.3:o:mitel:6920_firmware:5.1:sp3:*:*:*:*:*:*
cpe:2.3:o:mitel:6920_firmware:5.1:sp4:*:*:*:*:*:*
cpe:2.3:h:mitel:6920:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
OR cpe:2.3:o:mitel:6905_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:mitel:6905_firmware:5.1:-:*:*:*:*:*:*
cpe:2.3:o:mitel:6905_firmware:5.1:sp1:*:*:*:*:*:*
cpe:2.3:o:mitel:6905_firmware:5.1:sp2:*:*:*:*:*:*
cpe:2.3:o:mitel:6905_firmware:5.1:sp3:*:*:*:*:*:*
cpe:2.3:o:mitel:6905_firmware:5.1:sp4:*:*:*:*:*:*
cpe:2.3:h:mitel:6905:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
OR cpe:2.3:o:mitel:6910_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:mitel:6910_firmware:5.1:-:*:*:*:*:*:*
cpe:2.3:o:mitel:6910_firmware:5.1:sp1:*:*:*:*:*:*
cpe:2.3:o:mitel:6910_firmware:5.1:sp2:*:*:*:*:*:*
cpe:2.3:o:mitel:6910_firmware:5.1:sp3:*:*:*:*:*:*
cpe:2.3:o:mitel:6910_firmware:5.1:sp4:*:*:*:*:*:*
cpe:2.3:h:mitel:6910:-:*:*:*:*:*:*:*

History

21 Nov 2024, 05:01

Type Values Removed Values Added
References () https://www.mitel.com/support/security-advisories - Vendor Advisory () https://www.mitel.com/support/security-advisories - Vendor Advisory
References () https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-20-0007 - Vendor Advisory () https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-20-0007 - Vendor Advisory

Information

Published : 2020-08-26 18:15

Updated : 2024-11-21 05:01


NVD link : CVE-2020-13617

Mitre link : CVE-2020-13617

CVE.ORG link : CVE-2020-13617


JSON object : View

Products Affected

mitel

  • 6970_firmware
  • 6920_firmware
  • 6940
  • 6867
  • 6869
  • 6865_firmware
  • 6930
  • 6910_firmware
  • 6905
  • 6873
  • 6865
  • 6863
  • 6867_firmware
  • 6930_firmware
  • 6970
  • 6905_firmware
  • 6863_firmware
  • 6869_firmware
  • 6910
  • 6873_firmware
  • 6940_firmware
  • 6920
CWE
CWE-307

Improper Restriction of Excessive Authentication Attempts