How severe is CVE-2024-37569?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.3 out of 10.

What type of vulnerability is CVE-2024-37569?

This is classified as CWE-77, which is a common weakness in software security.

CVE-2024-37569 - HIGH Severity | CVSS 8.3

Vulnerability Description

An issue was discovered on Mitel 6869i through 4.5.0.41 and 5.x through 5.0.0.1018 devices. A command injection vulnerability exists in the hostname parameter taken in by the provis.html endpoint. The provis.html endpoint performs no sanitization on the hostname parameter (sent by an authenticated user), which is subsequently written to disk. During boot, the hostname parameter is executed as part of a series of shell commands. Attackers can achieve remote code execution in the root context by placing shell metacharacters in the hostname parameter.

Related Vulnerabilities

CVE-2020-11789

HIGH

CVSS:8.3(High)

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects R6400v2 before 1.0.4.84, R6700 before 1.0.2.8, R6700v3 before 1.0.4.84, R6900 before 1.0.2.8, and...

CWE-772020

CVE-2023-38034

HIGH

CVSS:8.3(High)

A command injection vulnerability in the DHCP Client function of all UniFi Access Points and Switches, excluding the Switch Flex Mini, could allow a Remote Code Execution (RCE). Affected Products: All...

CWE-772023

CVE-2024-34347

HIGH

CVSS:8.3(High)

@hoppscotch/cli is a CLI to run Hoppscotch Test Scripts in CI environments. Prior to 0.8.0, the @hoppscotch/js-sandbox package provides a Javascript sandbox that uses the Node.js vm module. However, t...

CWE-772024

CVE-2024-41637

HIGH

CVSS:8.3(High)

RaspAP before 3.1.5 allows an attacker to escalate privileges: the www-data user has write access to the restapi.service file and also possesses Sudo privileges to execute several critical commands wi...

CWE-772024

CVE-2025-43012

HIGH

CVSS:8.3(High)

In JetBrains Toolbox App before 2.6 command injection in SSH plugin was possible

CWE-772025

CVE-2020-14433

HIGH

CVSS:8.4(High)

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBK842 before 3.2.15.25, RBR850 before 3.2.15.25, RBS...

CWE-772020