17 matches found
CVE-2024-37570
On Mitel 6869i 4.5.0.41 devices, the Manual Firmware Update upgrade.html page does not perform sanitization on the username and path parameters sent by an authenticated user before appending flags to the busybox ftpget command. This leads to $() command execution...
CVE-2024-37569
An issue was discovered on Mitel 6869i through 4.5.0.41 and 5.x through 5.0.0.1018 devices. A command injection vulnerability exists in the hostname parameter taken in by the provis.html endpoint. The provis.html endpoint performs no sanitization on the hostname parameter sent by an authenticated...
A vulnerability in the firmware of Mitel 6869i IP phones, caused by a lack of data sanitization at the management level, allows an attacker to execute arbitrary commands.
A vulnerability in the firmware of Mitel 6869i IP phones stems from a lack of protective measures at the management level when the hostname parameter on the provis.html page is processed. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands by...
A vulnerability in the firmware of Mitel 6869i IP phones, caused by a lack of data protection measures at the control level, allows an attacker to execute arbitrary commands.
A vulnerability in the firmware of Mitel 6869i IP phones stems from a lack of data sanitization at the administrative level when parameters such as username and path are processed on the upgrade.html page. Exploiting this vulnerability allows a malicious actor to execute...
CVE-2024-37569
An issue was discovered on Mitel 6869i through 4.5.0.41 and 5.x through 5.0.0.1018 devices. A command injection vulnerability exists in the hostname parameter taken in by the provis.html endpoint. The provis.html endpoint performs no sanitization on the hostname parameter sent by an authenticated...
CVE-2024-37570
On Mitel 6869i 4.5.0.41 devices, the Manual Firmware Update upgrade.html page does not perform sanitization on the username and path parameters sent by an authenticated user before appending flags to the busybox ftpget command. This leads to $() command execution...
CVE-2024-37570
On Mitel 6869i 4.5.0.41 devices, the Manual Firmware Update upgrade.html page does not perform sanitization on the username and path parameters sent by an authenticated user before appending flags to the busybox ftpget command. This leads to $() command execution...
CVE-2024-37570
On Mitel 6869i 4.5.0.41 devices, the Manual Firmware Update upgrade.html page does not perform sanitization on the username and path parameters sent by an authenticated user before appending flags to the busybox ftpget command. This leads to $() command execution...
PT-2024-9269 · Mitel · Mitel 6869I
Name of the Vulnerable Software and Affected Versions: Mitel 6869i versions 4.5.0.41 and earlier Mitel 6869i versions 5.x through 5.0.0.1018 Description: A command injection issue exists in the hostname parameter taken in by the "provis.html" endpoint. The "provis.html" endpoint performs no...
PT-2024-9270 · Mitel · Mitel 6869I
Name of the Vulnerable Software and Affected Versions: Mitel 6869i version 4.5.0.41 Description: The issue is related to the Manual Firmware Update upgrade.html page, which does not perform sanitization on the username and path parameters sent by an authenticated user. This lack of sanitization...
Mitel 6869i SIP Security Vulnerability
Mitel 6869i SIP is a powerful and scalable desk phone from Mitel Canada. A security vulnerability exists in Mitel 6869i versions 4.5.0.41 and earlier, 5.0.0.1018 and earlier, which stems from the provis.html endpoint not sanitizing the hostname parameter, and can be exploited by an attack...
Mitel 6869i Security Vulnerability
The Mitel 6869i SIP is a powerful and scalable desk phone from Mitel Canada. A security vulnerability exists in Mitel 6869i version 4.5.0.41, which stems from a failure of the upgrade.html page to sanitize the username and path parameters before appending flags to the busybox ftpget command,...
CVE-2024-37569
An issue was discovered on Mitel 6869i through 4.5.0.41 and 5.x through 5.0.0.1018 devices. A command injection vulnerability exists in the hostname parameter taken in by the provis.html endpoint. The provis.html endpoint performs no sanitization on the hostname parameter sent by an authenticated...
CVE-2024-37569
CVE-2024-37569 affects Mitel 6869i SIP Phone (versions 4.5.0.41 and 5.x up to 5.0.0.1018). A command injection exists in the hostname parameter of the provis.html endpoint; the endpoint does not sanitize the hostname, writing it to disk and executing it during boot as part of shell commands. This...
CVE-2024-37570
On Mitel 6869i 4.5.0.41 devices, the Manual Firmware Update upgrade.html page does not perform sanitization on the username and path parameters sent by an authenticated user before appending flags to the busybox ftpget command. This leads to $() command execution...
Mitel 6869i Voip Deskphone 4.2.2032 Command Injection
BlueBox Security http://www.bluebox-security.de/ securityatbluebox-security.de bbs-2019.001.txt 08-August-2019 Vendor: Mitel Affected Products: Mitel 6869i Voip Deskphone Version 4.2.2032 - SIP Not Affected: unknown Vulnerability: Mitel 6869i SIP Deskphone 4.2.2032: Unauthenticated Bash Command...
Mitel 6869i Voip Deskphone 4.2.2032 Command Injection Vulnerability
Mitel 6869i Voip Deskphone version 4.2.2032 suffers from an unauthenticated command injection vulnerability. Vendor: Mitel Affected Products: Mitel 6869i Voip Deskphone Version 4.2.2032 - SIP Not Affected: unknown Vulnerability: Mitel 6869i SIP Deskphone 4.2.2032: Unauthenticated Bash Command...