CVE-2019-18863

MEDIUM Year: 2019
CVSS v3 Score
5.9
Medium
CVSS v2 Score
4.3
Medium
Weakness Type
CWE-326
View all →

Vulnerability Description

A key length vulnerability in the implementation of the SRTP 128-bit key on Mitel 6800 and 6900 SIP series phones, versions 5.1.0.2051 SP2 and earlier, could allow an attacker to launch a man-in-the-middle attack when SRTP is used in a call. A successful exploit may allow the attacker to intercept sensitive information.

Related Vulnerabilities

CVE-2005-4900

MEDIUM
CVSS:5.9(Medium)

SHA-1 is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of SHA-1 in TLS 1.2. NOTE: this CVE exists to...

CWE-3262005

CVE-2013-2566

MEDIUM
CVSS:5.9(Medium)

The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis ...

CWE-3262013

CVE-2016-10104

MEDIUM
CVSS:5.9(Medium)

Information Disclosure can occur in sshProfiles.jsd in Hitek Software's Automize because of the Read attribute being set for Users. This allows an attacker to recover encrypted passwords for SSH/SFTP ...

CWE-3262016

CVE-2016-4685

MEDIUM
CVSS:5.9(Medium)

An issue was discovered in certain Apple products. iOS before 10.1 is affected. The issue involves the "iTunes Backup" component, which improperly hashes passwords, making it easier to decrypt files.

CWE-3262016

CVE-2016-6225

MEDIUM
CVSS:5.9(Medium)

xbcrypt in Percona XtraBackup before 2.3.6 and 2.4.x before 2.4.5 does not properly set the initialization vector (IV) for encryption, which makes it easier for context-dependent attackers to obtain s...

CWE-3262016

CVE-2017-1179

MEDIUM
CVSS:5.9(Medium)

IBM BigFix Compliance Analytics 1.9.79 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 123431.

CWE-3262017