Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistMitreCVELIST:CVE-2024-37569
HistoryJun 09, 2024 - 12:00 a.m.

CVE-2024-37569

2024-06-0900:00:00
mitre
www.cve.org
1
mitel 6869i
command injection
vulnerability
hostname parameter
remote code execution

0.001 Low

EPSS

Percentile

25.9%

JSON

An issue was discovered on Mitel 6869i through 4.5.0.41 and 5.x through 5.0.0.1018 devices. A command injection vulnerability exists in the hostname parameter taken in by the provis.html endpoint. The provis.html endpoint performs no sanitization on the hostname parameter (sent by an authenticated user), which is subsequently written to disk. During boot, the hostname parameter is executed as part of a series of shell commands. Attackers can achieve remote code execution in the root context by placing shell metacharacters in the hostname parameter.

Related

nvd 1
vulnrichment 1
cve 1
nvd
nvd
CVE-2024-37569
2024-06-09 20:15:09
vulnrichment
vulnrichment
CVE-2024-37569
2024-06-09 00:00:00
cve
cve
CVE-2024-37569
2024-06-09 20:15:09

0.001 Low

EPSS

Percentile

25.9%

JSON
Related for CVELIST:CVE-2024-37569
nvd1vulnrichment1cve1