CVE-2024-37570

Exploit

EPSS 0.31%
Published 09.06.2024 20:15:09
Last modified 21.11.2024 09:24:05
Source cve@mitre.org
Teams watchlist Login
Open Login

On Mitel 6869i 4.5.0.41 devices, the Manual Firmware Update (upgrade.html) page does not perform sanitization on the username and path parameters (sent by an authenticated user) before appending flags to the busybox ftpget command. This leads to $() command execution.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Mitel ≫ 6869i Sip Firmware Version4.5.0.41

Mitel ≫ 6869i Sip Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.31%	0.532

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

https://github.com/kwburns/CVE/blob/main/Mitel/5.0.0.1018/code/exploit-firmware.py

Product

https://github.com/kwburns/CVE/tree/main/Mitel/5.0.0.1018#authenticated-remote-command-execution-firmware

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2024-37570

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-37570

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-37570

EUVD