CVE-2024-37570

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Jun 9, 2024
Updated: Jun 12, 2024
CWE ID 77

Summary

CVE-2024-37570 is a vulnerability found in Mitel 6869i 4.5.0.41 devices, specifically on the Manual Firmware Update page. The issue arises due to the lack of sanitization on the username and path parameters sent by an authenticated user before appending flags to the busybox ftpget command, which can allow for command execution. This vulnerability poses a high risk to organizations, with a base severity score of 8.8 out of 10 and potential impacts on confidentiality, integrity, and availability. To remediate this vulnerability, affected devices should be updated to a patched version that addresses the issue.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Prioritize, Pinpoint, and Act to Prevent Vulnerability Exploits with Recorded Future

Note: This is just a basic overview providing quick insights into CVE-2024-37570 information. Gain full access to comprehensive CVE data, third party vulnerabilities, compromised credentials and more with Recorded Future
  • Gain complete coverage of your cyber, third party, and physical attack surface
  • Proactively mitigate threats before they turn into costly attacks
  • Make fast, effective, data-driven decisions