CVE-2018-19275

The BluStar component in Mitel InAttend before 2.5 SP3 and CMG before 8.4 SP3 Suite Servers has a default password, which could allow remote attackers to gain unauthorized access and execute arbitrary scripts with potential impacts to the confidentiality, integrity and availability of the system.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 86%
VendorProductVersion
mitelcmg_suite
𝑥
< 8.4
mitelcmg_suite
8.4
mitelcmg_suite
8.4:sp2
mitelinattend
𝑥
< 2.5
mitelinattend
2.5
mitelinattend
2.5:sp1
mitelinattend
2.5:sp2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.mitel.com/-/media/mitel/pdf/security-advisories/security-bulletin-190002001-v10.pdf
https://www.mitel.com/en-gb/support/security-advisories/mitel-product-security-advisory-19-0002
https://www.mitel.com/-/media/mitel/pdf/security-advisories/security-bulletin-190002001-v10.pdf
https://www.mitel.com/en-gb/support/security-advisories/mitel-product-security-advisory-19-0002