Lucene search

MitreCVE-2024-37570

HistoryJun 09, 2024 - 8:15 p.m.

CVE-2024-37570

2024-06-0920:15:09

CWE-77

CWE-75

mitre

web.nvd.nist.gov

mitel devices

firmware update

command execution

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

6.7

Confidence

High

EPSS

0.001

Percentile

18.8%

JSON

On Mitel 6869i 4.5.0.41 devices, the Manual Firmware Update (upgrade.html) page does not perform sanitization on the username and path parameters (sent by an authenticated user) before appending flags to the busybox ftpget command. This leads to $() command execution.

Affected configurations

Nvd

Node

mitel6869i_sip_firmwareMatch4.5.0.41

AND

mitel6869i_sipMatch-

VendorProductVersionCPE
mitel6869i_sip_firmware4.5.0.41cpe:2.3:o:mitel:6869i_sip_firmware:4.5.0.41:*:*:*:*:*:*:*
mitel6869i_sip-cpe:2.3:h:mitel:6869i_sip:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mitel	6869i_sip_firmware	4.5.0.41	cpe:2.3:o:mitel:6869i_sip_firmware:4.5.0.41:::::::*
mitel	6869i_sip	-	cpe:2.3:h:mitel:6869i_sip:-:::::::*

References

github.com/kwburns/CVE/blob/main/Mitel/5.0.0.1018/code/exploit-firmware.py

github.com/kwburns/CVE/tree/main/Mitel/5.0.0.1018#authenticated-remote-command-execution-firmware

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

6.7

Confidence

High

EPSS

0.001

Percentile

18.8%

JSON

Related for CVE-2024-37570