Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered on Mitel 6869i through 4.5.0.41 and 5.x through 5.0.0.1018 devices. A command injection vulnerability exists in the hostname parameter taken in by the provis.html endpoint. The provis.html endpoint performs no sanitization on the hostname parameter (sent by an authenticated user), which is subsequently written to disk. During boot, the hostname parameter is executed as part of a series of shell commands. Attackers can achieve remote code execution in the root context by placing shell metacharacters in the hostname parameter.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Mitel 6869i SIP 安全漏洞
Vulnerability Description
Mitel 6869i SIP是加拿大敏迪(Mitel)公司的一款功能强大且可扩展的桌面电话。 Mitel 6869i 4.5.0.41及之前、5.0.0.1018及之前版本存在安全漏洞,该漏洞源于 provis.html 端点不对 hostname 参数进行清理,攻击者利用该漏洞可以在root 上下文中执行远程代码。
CVSS Information
N/A
Vulnerability Type
N/A