CVE-2024-37569

An issue was discovered on Mitel 6869i through 4.5.0.41 and 5.x through 5.0.0.1018 devices. A command injection vulnerability exists in the hostname parameter taken in by the provis.html endpoint. The provis.html endpoint performs no sanitization on the hostname parameter (sent by an authenticated user), which is subsequently written to disk. During boot, the hostname parameter is executed as part of a series of shell commands. Attackers can achieve remote code execution in the root context by placing shell metacharacters in the hostname parameter.
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:mitel:6869i_sip_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:mitel:6869i_sip_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitel:6869i_sip:-:*:*:*:*:*:*:*

History

21 Nov 2024, 09:24

Type Values Removed Values Added
References () https://github.com/kwburns/CVE/blob/main/Mitel/5.0.0.1018/code/exploit-provis.py - Product () https://github.com/kwburns/CVE/blob/main/Mitel/5.0.0.1018/code/exploit-provis.py - Product
References () https://github.com/kwburns/CVE/tree/main/Mitel/5.0.0.1018#authenticated-remote-command-execution-provis - Exploit, Third Party Advisory () https://github.com/kwburns/CVE/tree/main/Mitel/5.0.0.1018#authenticated-remote-command-execution-provis - Exploit, Third Party Advisory
References () https://www.youtube.com/watch?v=I9TQqfP5qzM - Exploit () https://www.youtube.com/watch?v=I9TQqfP5qzM - Exploit

12 Jun 2024, 16:32

Type Values Removed Values Added
CPE cpe:2.3:o:mitel:6869i_sip_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitel:6869i_sip:-:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.8
CWE CWE-77
First Time Mitel 6869i Sip
Mitel 6869i Sip Firmware
Mitel
References () https://github.com/kwburns/CVE/blob/main/Mitel/5.0.0.1018/code/exploit-provis.py - () https://github.com/kwburns/CVE/blob/main/Mitel/5.0.0.1018/code/exploit-provis.py - Product
References () https://github.com/kwburns/CVE/tree/main/Mitel/5.0.0.1018#authenticated-remote-command-execution-provis - () https://github.com/kwburns/CVE/tree/main/Mitel/5.0.0.1018#authenticated-remote-command-execution-provis - Exploit, Third Party Advisory
References () https://www.youtube.com/watch?v=I9TQqfP5qzM - () https://www.youtube.com/watch?v=I9TQqfP5qzM - Exploit
Summary
  • (es) Se descubrió un problema en dispositivos Mitel 6869i hasta 4.5.0.41 y 5.x hasta 5.0.0.1018. Existe una vulnerabilidad de inyección de comando en el parámetro de nombre de host tomado por el endpoint provis.html. El endpoint provis.html no realiza ninguna sanitización en el parámetro de nombre de host (enviado por un usuario autenticado), que posteriormente se escribe en el disco. Durante el arranque, el parámetro de nombre de host se ejecuta como parte de una serie de comandos de shell. Los atacantes pueden lograr la ejecución remota de código en el contexto raíz colocando metacaracteres del shell en el parámetro de nombre de host.

09 Jun 2024, 20:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-06-09 20:15

Updated : 2024-11-21 09:24


NVD link : CVE-2024-37569

Mitre link : CVE-2024-37569

CVE.ORG link : CVE-2024-37569


JSON object : View

Products Affected

mitel

  • 6869i_sip
  • 6869i_sip_firmware
CWE
CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')