Lucene search

MitreCVE-2018-19275

HistoryApr 02, 2019 - 6:29 p.m.

CVE-2018-19275

2019-04-0218:29:02

CWE-1188

mitre

web.nvd.nist.gov

cve

2018

19275

mitel inattend

cmg

default password

vulnerability

unauthorized access

arbitrary scripts

system security

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.011

Percentile

84.2%

JSON

The BluStar component in Mitel InAttend before 2.5 SP3 and CMG before 8.4 SP3 Suite Servers has a default password, which could allow remote attackers to gain unauthorized access and execute arbitrary scripts with potential impacts to the confidentiality, integrity and availability of the system.

Affected configurations

Nvd

Node

mitelcmg_suiteRange<8.4

mitelcmg_suiteMatch8.4-

mitelcmg_suiteMatch8.4sp2

mitelinattendRange<2.5

mitelinattendMatch2.5-

mitelinattendMatch2.5sp1

mitelinattendMatch2.5sp2

VendorProductVersionCPE
mitelcmg_suite*cpe:2.3:a:mitel:cmg_suite:*:*:*:*:*:*:*:*
mitelcmg_suite8.4cpe:2.3:a:mitel:cmg_suite:8.4:-:*:*:*:*:*:*
mitelcmg_suite8.4cpe:2.3:a:mitel:cmg_suite:8.4:sp2:*:*:*:*:*:*
mitelinattend*cpe:2.3:a:mitel:inattend:*:*:*:*:*:*:*:*
mitelinattend2.5cpe:2.3:a:mitel:inattend:2.5:-:*:*:*:*:*:*
mitelinattend2.5cpe:2.3:a:mitel:inattend:2.5:sp1:*:*:*:*:*:*
mitelinattend2.5cpe:2.3:a:mitel:inattend:2.5:sp2:*:*:*:*:*:*

Vendor	Product	Version	CPE
mitel	cmg_suite	*	cpe:2.3:a:mitel:cmg_suite::::::::
mitel	cmg_suite	8.4	cpe:2.3:a:mitel:cmg_suite:8.4:-::::::
mitel	cmg_suite	8.4	cpe:2.3:a:mitel:cmg_suite:8.4:sp2::::::
mitel	inattend	*	cpe:2.3:a:mitel:inattend::::::::
mitel	inattend	2.5	cpe:2.3:a:mitel:inattend:2.5:-::::::
mitel	inattend	2.5	cpe:2.3:a:mitel:inattend:2.5:sp1::::::
mitel	inattend	2.5	cpe:2.3:a:mitel:inattend:2.5:sp2::::::

References

www.mitel.com/-/media/mitel/pdf/security-advisories/security-bulletin-190002001-v10.pdf

www.mitel.com/en-gb/support/security-advisories/mitel-product-security-advisory-19-0002

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.011

Percentile

84.2%

JSON

Related for CVE-2018-19275