CVE-2018-19275
published 2019-04-02CVE-2018-19275: The BluStar component in Mitel InAttend before 2.5 SP3 and CMG before 8.4 SP3 Suite Servers has a default password, which could allow remote attackers to gain…
PriorityP260critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
EPSS
4.61%
90.5th percentile
The BluStar component in Mitel InAttend before 2.5 SP3 and CMG before 8.4 SP3 Suite Servers has a default password, which could allow remote attackers to gain unauthorized access and execute arbitrary scripts with potential impacts to the confidentiality, integrity and availability of the system.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mitel | cmg_suite | < 8.4 | 8.4 |
| mitel | cmg_suite | — | — |
| mitel | inattend | < 2.5 | 2.5 |
| mitel | inattend | — | — |
CVSS provenance
nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://www.mitel.com/-/media/mitel/pdf/security-advisories/security-bulletin-190002001-v10.pdfhttps://www.mitel.com/en-gb/support/security-advisories/mitel-product-security-advisory-19-0002https://www.mitel.com/-/media/mitel/pdf/security-advisories/security-bulletin-190002001-v10.pdfhttps://www.mitel.com/en-gb/support/security-advisories/mitel-product-security-advisory-19-0002
2019-04-02
Published