Learn about CVE-2019-18863, a vulnerability in Mitel 6800 and 6900 SIP series phones, allowing man-in-the-middle attacks during SRTP calls, potentially leading to data interception. Find mitigation steps and preventive measures.
Mitel 6800 and 6900 SIP Series Phones SRTP 128-bit Key Vulnerability
Understanding CVE-2019-18863
This CVE covers a flaw in the SRTP 128-bit key implementation on Mitel 6800 and 6900 SIP series phones, affecting versions 5.1.0.2051 SP2 and older.
What is CVE-2019-18863?
The vulnerability in the SRTP 128-bit key implementation on Mitel phones could allow attackers to conduct man-in-the-middle attacks during SRTP-enabled calls, potentially leading to the interception of sensitive information.
The Impact of CVE-2019-18863
Exploiting this vulnerability could result in attackers intercepting sensitive data during calls that use SRTP encryption on affected Mitel phone versions.
Technical Details of CVE-2019-18863
Vulnerability Description
The vulnerability arises from the improper implementation of the SRTP 128-bit key on Mitel 6800 and 6900 SIP series phones, versions 5.1.0.2051 SP2 and earlier, enabling man-in-the-middle attacks.
Affected Systems and Versions
Exploitation Mechanism
Attackers can exploit this vulnerability to perform man-in-the-middle attacks during calls utilizing SRTP encryption on the affected Mitel phone versions.
Mitigation and Prevention
Protecting against CVE-2019-18863
Immediate Steps to Take
Long-Term Security Practices
Patching and Updates