Mitel Product Security Advisory 19-0002

InAttend and CMG Suite Password vulnerability

Advisory ID: 19-0002

First Issue Date: 2019-03-29

Last Updated: 2019-03-29

Revision: 1.0

Summary

A vulnerability has been identified in the BluStar component used in the InAttend and CMG Suite Servers, which allows the use of a default password. If successfully exploited, this vulnerability could allow a malicious actor to gain unauthorized access and execute arbitrary scripts.

This vulnerability was privately reported to Mitel. At time of publishing, Mitel is not aware of customers that have been impacted by this vulnerability.

Mitel is recommending customers with affected product versions update to the latest release.

Credit is given to Alessio Sergi of Verizon Enterprise Solutions for highlighting these issues and bringing these to our attention.

Affected Products

The following products have been identified as affected:

Product Name  Product Versions  Security Bulletin  Last Updated 
InAttend   2.5 SP2 and earlier  19-0002-001  2019-03-29 
CMG Suite   8.4 SP2 and earlier  19-0002-001  2019-03-29 

 

Risk Assessment

The risk of this vulnerability is rated as High.

Refer to the product Security Bulletin for additional statements regarding risk.

Mitigation / Recommended Action

Mitel has issued new releases of the affected software. Customers are advised to update their software to the latest versions.
Customers are advised to review the product Security Bulletin. For additional information, contact Product Support.

External References

N/A

Related CVEs / CWEs / Advisories

CVE-2018-19275

Revision History

Version Date Description
1.0  2019-03-29 Initial version 

 

 


Stay One Step Ahead

Ready to talk to sales? Contact us.
Find a Partner +44 1291 430 000 Email Us