Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2018-18286

SQL injection vulnerabilities in CMG Suite 8.4 SP2 and earlier, could allow an unauthenticated attacker to conduct an SQL injection attack due to insufficient input validation for the changepwd interface. A successful exploit could allow an attacker to extract sensitive information from the database and execute arbitrary scripts.

Published

2019-04-25T19:29:00.360

Last Modified

2024-11-21T03:55:39.057

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 9.8 (CRITICAL)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

6.4

Weaknesses

Type: Primary
CWE-89

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	mitel	cmg_suite	≤ 8.4	Yes
Application	mitel	cmg_suite	8.4	Yes

References

https://www.mitel.com/-/media/mitel/pdf/security-advisories/security-bulletin-19-0003-001.pdf Vendor Advisory ([email protected])
https://www.mitel.com/en-gb/support/security-advisories/mitel-product-security-adivsory-19-0003-001 Vendor Advisory ([email protected])
https://www.mitel.com/-/media/mitel/pdf/security-advisories/security-bulletin-19-0003-001.pdf Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.mitel.com/en-gb/support/security-advisories/mitel-product-security-adivsory-19-0003-001 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)