CVE-2003-20001

An issue was discovered on Mitel ICP VoIP 3100 devices. When a remote user attempts to log in via TELNET during the login wait time and an external call comes in, the system incorrectly divulges information about the call and any SMDR records generated by the system. The information provided includes the service type, extension number and other parameters, related to the call activity.

CVSS v3 5.6 MEDIUM

5.6^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 3.4

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
http://olografix.org/acme/mitel.txt
https://packetstorm.news/files/id/31445
https://rb.gy/1smt22
https://www.exploit-db.com/exploits/49176

Configurations

No configuration.

History

04 Apr 2025, 21:15

Type	Values Removed	Values Added
Summary		(es) Se detectó un problema en los dispositivos Mitel ICP VoIP 3100. Cuando un usuario remoto intenta iniciar sesión por TELNET durante el tiempo de espera y entra una llamada externa, el sistema divulga incorrectamente información sobre la llamada y cualquier registro SMDR generado por el sistema. Esta información incluye el tipo de servicio, el número de extensión y otros parámetros relacionados con la actividad de la llamada.
CWE		CWE-200
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.6

01 Apr 2025, 21:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-04-01 21:15

Updated : 2025-04-04 21:15

NVD link : CVE-2003-20001

Mitre link : CVE-2003-20001

CVE.ORG link : CVE-2003-20001

JSON object : View

Products Affected

No product.

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

5.6 /10