Lucene search

[email protected]CVE-2024-37570

HistoryJun 09, 2024 - 8:15 p.m.

CVE-2024-37570

2024-06-0920:15:09

CWE-77

[email protected]

web.nvd.nist.gov

mitel devices

firmware update

command execution

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

6.7 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

18.9%

JSON

On Mitel 6869i 4.5.0.41 devices, the Manual Firmware Update (upgrade.html) page does not perform sanitization on the username and path parameters (sent by an authenticated user) before appending flags to the busybox ftpget command. This leads to $() command execution.

Affected configurations

NVD

Node

mitel6869i_sip_firmwareMatch4.5.0.41

AND

mitel6869i_sipMatch-

CPENameOperatorVersion
mitel:6869i_sip_firmwaremitel 6869i sip firmwareeq4.5.0.41

CPE	Name	Operator	Version
mitel:6869i_sip_firmware	mitel 6869i sip firmware	eq	4.5.0.41

References

github.com/kwburns/CVE/blob/main/Mitel/5.0.0.1018/code/exploit-firmware.py

github.com/kwburns/CVE/tree/main/Mitel/5.0.0.1018#authenticated-remote-command-execution-firmware

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

6.7 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

18.9%

JSON

Related for CVE-2024-37570

cvelist1 nvd1