A vulnerability in the BluStar component of Mitel InAttend 2.6 SP4 through 2.7 and CMG 8.5 SP4 through 8.6 could allow access to sensitive information, changes to the system configuration, or execution of arbitrary commands within the context of the system.
The vulnerability results from improper default initialization (CWE-1188), which means that the BluStar component is accessible without appropriate authentication mechanisms or with unsecured default settings. A network attacker, without any privileges and without user interaction, can gain access to system functions through appropriately crafted requests. As a result, it is possible to execute arbitrary commands in the context of the operating system.
An attacker can gain access to confidential information, introduce unauthorized changes to system configuration, or execute arbitrary commands with system privileges, which in practice means complete takeover of the device.
Apply patches available from the manufacturer according to references — detailed information is contained in the Mitel security bulletin (Security Advisory 24-0003) available at the address indicated in the manufacturer's references.
Mitel InAttend in versions 2.6 SP4 to 2.7 and Mitel CMG in versions 8.5 SP4 to 8.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H