Is CVE-2024-37569 actively exploited?

CVE-2024-37569 has no public evidence of in-the-wild exploitation as of 2024-11-21.

What is the CVSS score for CVE-2024-37569?

CVE-2024-37569 has a CVSS score of 8.8 (HIGH severity). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

How do I patch CVE-2024-37569?

Patch guidance is available from mitel security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2024-37569.

Fix CVE-2024-37569 - HIGH mitel 6869i sip firmware

Q: Which products are affected by CVE-2024-37569?

2 products: mitel 6869i sip firmware, mitel 6869i sip firmware.

Description

An issue was discovered on Mitel 6869i through 4.5.0.41 and 5.x through 5.0.0.1018 devices. A command injection vulnerability exists in the hostname parameter taken in by the provis.html endpoint. The provis.html endpoint performs no sanitization on the hostname parameter (sent by an authenticated user), which is subsequently written to disk. During boot, the hostname parameter is executed as part of a series of shell commands. Attackers can achieve remote code execution in the root context by placing shell metacharacters in the hostname parameter.

CVSS Metrics

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector: network
Complexity: low
Privileges: low
User Action: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high
Weaknesses: CWE-77 · Command Injection CWE-77 · Command Injection

Metadata

Primary Vendor: MITEL
Published: 6/9/2024
Last Modified: 11/21/2024
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

mitel : 6869i_sip_firmwaremitel : 6869i_sip_firmware

Remediation Guidance

Executive Summary

View on NIST NVD