The BluStar component in Mitel InAttend before 2.5 SP3 and CMG before 8.4 SP3 Suite Servers has a default password, which could allow remote attackers to gain unauthorized access and execute arbitrary scripts with potential impacts to the confidentiality, integrity and availability of the system.
Weakness
The product initializes or sets a resource with a default that is intended to be changed by the product’s installer, administrator, or maintainer, but the default is not secure.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Cmg_suite | Mitel | * | 8.4 (excluding) |
| Cmg_suite | Mitel | 8.4 (including) | 8.4 (including) |
| Cmg_suite | Mitel | 8.4-sp2 (including) | 8.4-sp2 (including) |
| Inattend | Mitel | * | 2.5 (excluding) |
| Inattend | Mitel | 2.5 (including) | 2.5 (including) |
| Inattend | Mitel | 2.5-sp1 (including) | 2.5-sp1 (including) |
| Inattend | Mitel | 2.5-sp2 (including) | 2.5-sp2 (including) |
Related Attack Patterns
References
- https://www.mitel.com/-/media/mitel/pdf/security-advisories/security-bulletin-190002001-v10.pdf
- https://www.mitel.com/en-gb/support/security-advisories/mitel-product-security-advisory-19-0002
- https://www.mitel.com/-/media/mitel/pdf/security-advisories/security-bulletin-190002001-v10.pdf
- https://www.mitel.com/en-gb/support/security-advisories/mitel-product-security-advisory-19-0002