CVE-2024-37569

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Jun 9, 2024
Updated: Jul 3, 2024
CWE ID 77

Summary

CVE-2024-37569 is a critical vulnerability affecting Mitel 6869i versions 4.5.0.41 and later, as well as 5.x versions up to 5.0.0.1018. This issue involves a command injection flaw in the provis.html endpoint. The endpoint fails to sanitize the hostname parameter, which is supplied by an authenticated user and later written to disk during boot. An attacker can exploit this vulnerability by inserting shell metacharacters into the hostname parameter, ultimately leading to remote code execution in the root context.
