Vulnerabilities > CVE-2018-19275 - Insecure Default Initialization of Resource vulnerability in Mitel CMG Suite and Inattend

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

mitel

CWE-1188

critical

NVD

Published: 2019-04-02

Updated: 2020-08-24

Summary

The BluStar component in Mitel InAttend before 2.5 SP3 and CMG before 8.4 SP3 Suite Servers has a default password, which could allow remote attackers to gain unauthorized access and execute arbitrary scripts with potential impacts to the confidentiality, integrity and availability of the system.

Vulnerable Configurations

Part	Description	Count
Application	Mitel Mitel Inattend * Mitel Inattend 2.5 Mitel CMG Suite 8.4	8

Common Weakness Enumeration (CWE)

CWE-1188 - Insecure Default Initialization of Resource

References

https://www.mitel.com/en-gb/support/security-advisories/mitel-product-security-advisory-19-0002
https://www.mitel.com/-/media/mitel/pdf/security-advisories/security-bulletin-190002001-v10.pdf