Vulnerabilities > CVE-2018-19275 - Insecure Default Initialization of Resource vulnerability in Mitel CMG Suite and Inattend

CVSS 10.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

mitel

CWE-1188

critical

NVD

Published: 2019-04-02

Updated: 2020-08-24

Summary

The BluStar component in Mitel InAttend before 2.5 SP3 and CMG before 8.4 SP3 Suite Servers has a default password, which could allow remote attackers to gain unauthorized access and execute arbitrary scripts with potential impacts to the confidentiality, integrity and availability of the system.

Vulnerable Configurations

Part	Description	Count
Application	Mitel Mitel CMG Suite * Mitel CMG Suite 8.4 Mitel Inattend * Mitel Inattend 2.5	7

Common Weakness Enumeration (CWE)

CWE-1188 - Insecure Default Initialization of Resource

References

https://www.mitel.com/-/media/mitel/pdf/security-advisories/security-bulletin-190002001-v10.pdf
https://www.mitel.com/en-gb/support/security-advisories/mitel-product-security-advisory-19-0002