Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-37570

On Mitel 6869i 4.5.0.41 devices, the Manual Firmware Update (upgrade.html) page does not perform sanitization on the username and path parameters (sent by an authenticated user) before appending flags to the busybox ftpget command. This leads to $() command execution.

Published

2024-06-09T20:15:09.460

Last Modified

2024-11-21T09:24:05.917

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

Weaknesses

Type: Primary
CWE-77
Type: Secondary
CWE-77

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	mitel	6869i_sip_firmware	4.5.0.41	Yes
Hardware	mitel	6869i_sip	-	No

References

https://github.com/kwburns/CVE/blob/main/Mitel/5.0.0.1018/code/exploit-firmware.py Product ([email protected])
https://github.com/kwburns/CVE/tree/main/Mitel/5.0.0.1018#authenticated-remote-command-execution-firmware Exploit, Third Party Advisory ([email protected])
https://github.com/kwburns/CVE/blob/main/Mitel/5.0.0.1018/code/exploit-firmware.py Product (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/kwburns/CVE/tree/main/Mitel/5.0.0.1018#authenticated-remote-command-execution-firmware Exploit, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)