
Michael Alampi

#29046 of 53,632
8.8 Total CVSS
Vulnerabilities · 1
PT-2024-9269
8.8
2024-06-09
Mitel · Mitel 6869I · CVE-2024-37569
Name of the Vulnerable Software and Affected Versions:
Mitel 6869i versions 4.5.0.41 and earlier
Mitel 6869i versions 5.x through 5.0.0.1018

Description:
A command injection issue exists in the `hostname` parameter accepted by the "provis.html" endpoint. The endpoint performs no sanitization on the `hostname` parameter and writes it to disk as received. During boot, the stored `hostname` value is expanded as part of a series of shell commands, so an attacker who places shell metacharacters in the `hostname` parameter can achieve remote code execution in the root context.

Recommendations:
For Mitel 6869i versions 4.5.0.41 and earlier, consider disabling access to the "provis.html" endpoint until a patch is available.
For Mitel 6869i versions 5.x through 5.0.0.1018, restrict who can set the `hostname` parameter through the "provis.html" endpoint to minimize the risk of exploitation.
As a temporary workaround, consider implementing input validation and sanitization for the `hostname` parameter (for example, accepting only the characters permitted in a DNS hostname) to prevent command injection attacks.
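The following is an added example written for this entry; it is not Mitel's provisioning page or boot script, whose contents are not shown here. It models the pattern the description gives (a hostname written verbatim to a config file that a boot script later sources) beside the validation the recommendations call for. The function names, the config-file format `hostname=...`, and the sample payload are all assumptions made for illustration.

```shell
#!/bin/sh
# Hypothetical reconstruction of the described bug class, not vendor code.
# A web form value is written to a config file; a boot step sources that
# file, so shell metacharacters in the value are executed as commands.

# Vulnerable pattern (constructed): the value is written unquoted and
# unvalidated.  $1 = hostname from the form, $2 = config file path.
write_config_unsafe() {
    printf 'hostname=%s\n' "$1" > "$2"
}

# "Boot" step (constructed): sourcing the file evaluates every line as
# shell, so a value like $(touch /tmp/x) or phone;id runs in this context.
apply_config() {
    . "$1"
    printf '%s' "$hostname"
}

# Hardened check: accept only RFC 1123 style hostnames, i.e. letters,
# digits and hyphens in dot-separated labels, at most 253 characters,
# no empty label and no label starting or ending with a hyphen.
# Anything else (spaces, ';', '$', '(', quotes, backticks) is rejected.
validate_hostname() {
    h=$1
    [ -n "$h" ] && [ "${#h}" -le 253 ] || return 1
    case $h in
        *[!A-Za-z0-9.-]*) return 1 ;;
        .*|*.|*..*|-*|*-|*.-*|*-.*) return 1 ;;
    esac
    return 0
}

# Hardened writer: refuse invalid input before anything touches disk, and
# single-quote the stored value so it is data even if the boot script
# sources the file.  The allowlist above already excludes single quotes.
write_config_safe() {
    validate_hostname "$1" || return 1
    printf "hostname='%s'\n" "$1" > "$2"
}
```

Run it with a value such as `$(touch /tmp/pwned)` through the unsafe path and the marker file appears when the config is sourced; the same value is rejected by `write_config_safe` before it reaches disk, while an ordinary name like `phone-1.example.com` round-trips unchanged.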