Is CVE-2024-37570 actively exploited?

CVE-2024-37570 has no public evidence of in-the-wild exploitation as of 2024-11-21.

What is the CVSS score for CVE-2024-37570?

CVE-2024-37570 has a CVSS score of 8.8 (HIGH severity). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

How do I patch CVE-2024-37570?

Patch guidance is available from mitel security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2024-37570.

Which products are affected by CVE-2024-37570?

1 product: mitel 6869i sip firmware.

Fix CVE-2024-37570 - HIGH mitel 6869i sip firmware

Description

On Mitel 6869i 4.5.0.41 devices, the Manual Firmware Update (upgrade.html) page does not perform sanitization on the username and path parameters (sent by an authenticated user) before appending flags to the busybox ftpget command. This leads to $() command execution.

CVSS Metrics

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector: network
Complexity: low
Privileges: low
User Action: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high
Weaknesses: CWE-77 · Command Injection CWE-77 · Command Injection

Metadata

Primary Vendor: MITEL
Published: 6/9/2024
Last Modified: 11/21/2024
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

mitel : 6869i_sip_firmware

Remediation Guidance

Executive Summary

View on NIST NVD