CVE-2024-28815

A vulnerability in the BluStar component of Mitel InAttend 2.6 SP4 through 2.7 and CMG 8.5 SP4 through 8.6 could allow access to sensitive information, changes to the system configuration, or execution of arbitrary commands within the context of the system.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://cwe.mitre.org/data/definitions/1188.html
https://www.mitel.com/-/media/mitel/file/pdf/support/security-advisories/security-bulletin_24-0003-001-v1.pdf
https://www.mitel.com/support/security-advisories
https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0003
https://cwe.mitre.org/data/definitions/1188.html
https://www.mitel.com/-/media/mitel/file/pdf/support/security-advisories/security-bulletin_24-0003-001-v1.pdf
https://www.mitel.com/support/security-advisories
https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0003

Configurations

No configuration.

History

No history.

Information

Published : 2024-03-27 07:15

Updated : 2024-11-21 09:06

NVD link : CVE-2024-28815

Mitre link : CVE-2024-28815

CVE.ORG link : CVE-2024-28815

JSON object : View

Products Affected

No product.

CWE

CWE-1188

Initialization of a Resource with an Insecure Default

{"id": "CVE-2024-28815", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2024-03-27T07:15:49.493", "references": [{"url": "https://cwe.mitre.org/data/definitions/1188.html", "source": "cve@mitre.org"}, {"url": "https://www.mitel.com/-/media/mitel/file/pdf/support/security-advisories/security-bulletin_24-0003-001-v1.pdf", "source": "cve@mitre.org"}, {"url": "https://www.mitel.com/support/security-advisories", "source": "cve@mitre.org"}, {"url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0003", "source": "cve@mitre.org"}, {"url": "https://cwe.mitre.org/data/definitions/1188.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.mitel.com/-/media/mitel/file/pdf/support/security-advisories/security-bulletin_24-0003-001-v1.pdf", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.mitel.com/support/security-advisories", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0003", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-1188"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the BluStar component of Mitel InAttend 2.6 SP4 through 2.7 and CMG 8.5 SP4 through 8.6 could allow access to sensitive information, changes to the system configuration, or execution of arbitrary commands within the context of the system."}, {"lang": "es", "value": "Una vulnerabilidad en el componente BluStar de Mitel InAttend 2.6 SP4 a 2.7 y CMG 8.5 SP4 a 8.6 podr\u00eda permitir el acceso a informaci\u00f3n confidencial, cambios en la configuraci\u00f3n del sistema o la ejecuci\u00f3n de comandos arbitrarios dentro del contexto del sistema."}], "lastModified": "2024-11-21T09:06:59.140", "sourceIdentifier": "cve@mitre.org"}