Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-37569

An issue was discovered on Mitel 6869i through 4.5.0.41 and 5.x through 5.0.0.1018 devices. A command injection vulnerability exists in the hostname parameter taken in by the provis.html endpoint. The provis.html endpoint performs no sanitization on the hostname parameter (sent by an authenticated user), which is subsequently written to disk. During boot, the hostname parameter is executed as part of a series of shell commands. Attackers can achieve remote code execution in the root context by placing shell metacharacters in the hostname parameter.

Published

2024-06-09T20:15:09.377

Last Modified

2024-11-21T09:24:05.663

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

Weaknesses

Type: Primary
CWE-77
Type: Secondary
CWE-77

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	mitel	6869i_sip_firmware	≤ 4.5.0.41	Yes
Operating System	mitel	6869i_sip_firmware	≤ 5.0.0.1018	Yes
Hardware	mitel	6869i_sip	-	No

References

https://github.com/kwburns/CVE/blob/main/Mitel/5.0.0.1018/code/exploit-provis.py Product ([email protected])
https://github.com/kwburns/CVE/tree/main/Mitel/5.0.0.1018#authenticated-remote-command-execution-provis Exploit, Third Party Advisory ([email protected])
https://www.youtube.com/watch?v=I9TQqfP5qzM Exploit ([email protected])
https://github.com/kwburns/CVE/blob/main/Mitel/5.0.0.1018/code/exploit-provis.py Product (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/kwburns/CVE/tree/main/Mitel/5.0.0.1018#authenticated-remote-command-execution-provis Exploit, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.youtube.com/watch?v=I9TQqfP5qzM Exploit (af854a3a-2127-422b-91ae-364da2661108)