CVE-2018-19275

EUVD-2018-10981
The BluStar component in Mitel InAttend before 2.5 SP3 and CMG before 8.4 SP3 Suite Servers has a default password, which could allow remote attackers to gain unauthorized access and execute arbitrary scripts with potential impacts to the confidentiality, integrity and availability of the system.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 86%
Affected Products (NVD)
VendorProductVersion
mitelcmg_suite
𝑥
< 8.4
mitelcmg_suite
8.4
mitelcmg_suite
8.4:sp2
mitelinattend
𝑥
< 2.5
mitelinattend
2.5
mitelinattend
2.5:sp1
mitelinattend
2.5:sp2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.mitel.com/-/media/mitel/pdf/security-advisories/security-bulletin-190002001-v10.pdf
https://www.mitel.com/en-gb/support/security-advisories/mitel-product-security-advisory-19-0002
https://www.mitel.com/-/media/mitel/pdf/security-advisories/security-bulletin-190002001-v10.pdf
https://www.mitel.com/en-gb/support/security-advisories/mitel-product-security-advisory-19-0002