Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
vulnrichmentMitreVULNRICHMENT:CVE-2024-37569
HistoryJun 09, 2024 - 12:00 a.m.

CVE-2024-37569

2024-06-0900:00:00
mitre
github.com
mitel
command injection
remote code execution
provis.html
shell metacharacters
hostname parameter
authenticated user

8.1 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

25.9%

JSON

An issue was discovered on Mitel 6869i through 4.5.0.41 and 5.x through 5.0.0.1018 devices. A command injection vulnerability exists in the hostname parameter taken in by the provis.html endpoint. The provis.html endpoint performs no sanitization on the hostname parameter (sent by an authenticated user), which is subsequently written to disk. During boot, the hostname parameter is executed as part of a series of shell commands. Attackers can achieve remote code execution in the root context by placing shell metacharacters in the hostname parameter.

Related

nvd 1
cve 1
cvelist 1
nvd
nvd
CVE-2024-37569
2024-06-09 20:15:09
cve
cve
CVE-2024-37569
2024-06-09 20:15:09
cvelist
cvelist
CVE-2024-37569
2024-06-09 00:00:00

8.1 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

25.9%

JSON
Related for VULNRICHMENT:CVE-2024-37569
nvd1cve1cvelist1