CVE-2024-37570

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Jun 9, 2024

Updated: Aug 1, 2024

CWE ID 77

CWE ID 75

Summary

CVE-2024-37570 is a vulnerability affecting Mitel 6869i devices running firmware version 4.5.0.41. The issue lies in the Manual Firmware Update page, where the username and path parameters, sent by an authenticated user, are not properly sanitized before being appended to the busybox ftpget command. Consequently, attackers can execute $() commands, posing a potential security risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/wYZHms
https://www.cve.org/CVERecord?id=CVE-2024-37570
https://nvd.nist.gov/vuln/detail/CVE-2024-37570

Back to Vulnerability Database

CVE-2024-37570

CVSS 3.1 Score 8.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations