Mitel – Vulnerability in 6800 and 6900 SIP series phones

Advisory IDRSN-SIP-1649

---

Vulnerability Information

A key length vulnerability in the implementation of the SRTP 128-bit key on Mitel 6800 and 6900 SIP series phones, versions 5.1.0.2051 SP2 and earlier.

---

Technical Information

An attacker can launch a man-in-the-middle attack when SRTP is used in a call. A successful exploit may allow the attacker to intercept sensitive information.

---

Solutions

The UCTM solution from RedShift Networks provides the industry’s first complete security solution developed to secure VOIP networks, endpoints and applications. His research team Condor-Labs.com is constantly looking for new attack patterns, advanced penetration testing methods, vulnerability identification and deployment of new signatures for constantly subscribed clients. For more information visit www.redshiftnetworks.com

---

External Resources

https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-19-0006

---

Common Vulnerabilities and Exposures (CVE)

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18863