8 vulnerabilities by LifeSize
CVE-2018-25312 (GCVE-0-2018-25312)
Vulnerability from nvd – Published: 2026-04-29 19:24 – Updated: 2026-04-30 15:22 – CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/44390 | exploit |
| https://www.vulncheck.com/advisories/lifesize-cle… | third-party-advisory |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2018-25312",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-30T13:11:32.931042Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-30T15:22:29.290Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ClearSea",
"vendor": "LifeSize",
"versions": [
{
"status": "affected",
"version": "3.1.4"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "rsp3ar \u003clukunming@gmail.com\u003e"
}
],
"datePublic": "2018-04-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "LifeSize ClearSea 3.1.4 contains directory traversal vulnerabilities that allow authenticated attackers to download and upload arbitrary files by manipulating path parameters in the smartgui interface. Attackers can exploit the upload endpoint with directory traversal sequences to write files to arbitrary locations on the system, enabling remote code execution."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-29T19:51:37.641Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-44390",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/44390"
},
{
"name": "VulnCheck Advisory: LifeSize ClearSea 3.1.4 Directory Traversal Remote Code Execution",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/lifesize-clearsea-directory-traversal-remote-code-execution"
}
],
"title": "LifeSize ClearSea 3.1.4 Directory Traversal Remote Code Execution",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2018-25312",
"datePublished": "2026-04-29T19:24:42.015Z",
"dateReserved": "2026-04-29T12:22:39.954Z",
"dateUpdated": "2026-04-30T15:22:29.290Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2011-2763 (GCVE-0-2011-2763)
Vulnerability from nvd – Published: 2011-09-02 16:00 – Updated: 2024-08-06 23:15 – n/a
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entry, x_refsource_XF |
| http://www.exploit-db.com/exploits/17743 | exploit, x_refsource_EXPLOIT-DB |
| http://securityreason.com/securityalert/8527 | third-party-advisory, x_refsource_SREASON |
| http://www.securityfocus.com/bid/49330 | vdb-entry, x_refsource_BID |
| http://www.securityfocus.com/archive/1/519463/100… | mailing-list, x_refsource_BUGTRAQ |
| http://www.kb.cert.org/vuls/id/213486 | third-party-advisory, x_refsource_CERT-VN |
| http://www.securestate.com/Documents/LifeSize_Roo… | x_refsource_MISC |
| http://securityreason.com/securityalert/8363 | third-party-advisory, x_refsource_SREASON |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:15:30.656Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "lifesize-room-command-execution(69444)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69444"
},
{
"name": "17743",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/17743"
},
{
"name": "8527",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8527"
},
{
"name": "49330",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/49330"
},
{
"name": "20110828 LifeSize Room Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/519463/100/0/threaded"
},
{
"name": "VU#213486",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/213486"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securestate.com/Documents/LifeSize_Room_Advisory.txt"
},
{
"name": "8363",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8363"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-08-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The web interface on the LifeSize Room appliance LS_RM1_3.5.3 (11) and 4.7.18 allows remote attackers to execute arbitrary commands via a modified request to the LSRoom_Remoting.doCommand function in gateway.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "lifesize-room-command-execution(69444)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69444"
},
{
"name": "17743",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/17743"
},
{
"name": "8527",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8527"
},
{
"name": "49330",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/49330"
},
{
"name": "20110828 LifeSize Room Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/519463/100/0/threaded"
},
{
"name": "VU#213486",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/213486"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securestate.com/Documents/LifeSize_Room_Advisory.txt"
},
{
"name": "8363",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8363"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-2763",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The web interface on the LifeSize Room appliance LS_RM1_3.5.3 (11) and 4.7.18 allows remote attackers to execute arbitrary commands via a modified request to the LSRoom_Remoting.doCommand function in gateway.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "lifesize-room-command-execution(69444)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69444"
},
{
"name": "17743",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/17743"
},
{
"name": "8527",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8527"
},
{
"name": "49330",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/49330"
},
{
"name": "20110828 LifeSize Room Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/519463/100/0/threaded"
},
{
"name": "VU#213486",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/213486"
},
{
"name": "http://www.securestate.com/Documents/LifeSize_Room_Advisory.txt",
"refsource": "MISC",
"url": "http://www.securestate.com/Documents/LifeSize_Room_Advisory.txt"
},
{
"name": "8363",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8363"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-2763",
"datePublished": "2011-09-02T16:00:00.000Z",
"dateReserved": "2011-07-19T00:00:00.000Z",
"dateUpdated": "2024-08-06T23:15:30.656Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-25312 (GCVE-0-2018-25312)
Vulnerability from cvelistv5 – Published: 2026-04-29 19:24 – Updated: 2026-04-30 15:22 – CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/44390 | exploit |
| https://www.vulncheck.com/advisories/lifesize-cle… | third-party-advisory |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2018-25312",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-30T13:11:32.931042Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-30T15:22:29.290Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ClearSea",
"vendor": "LifeSize",
"versions": [
{
"status": "affected",
"version": "3.1.4"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "rsp3ar \u003clukunming@gmail.com\u003e"
}
],
"datePublic": "2018-04-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "LifeSize ClearSea 3.1.4 contains directory traversal vulnerabilities that allow authenticated attackers to download and upload arbitrary files by manipulating path parameters in the smartgui interface. Attackers can exploit the upload endpoint with directory traversal sequences to write files to arbitrary locations on the system, enabling remote code execution."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-29T19:51:37.641Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-44390",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/44390"
},
{
"name": "VulnCheck Advisory: LifeSize ClearSea 3.1.4 Directory Traversal Remote Code Execution",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/lifesize-clearsea-directory-traversal-remote-code-execution"
}
],
"title": "LifeSize ClearSea 3.1.4 Directory Traversal Remote Code Execution",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2018-25312",
"datePublished": "2026-04-29T19:24:42.015Z",
"dateReserved": "2026-04-29T12:22:39.954Z",
"dateUpdated": "2026-04-30T15:22:29.290Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2011-2763 (GCVE-0-2011-2763)
Vulnerability from cvelistv5 – Published: 2011-09-02 16:00 – Updated: 2024-08-06 23:15 – n/a
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entry, x_refsource_XF |
| http://www.exploit-db.com/exploits/17743 | exploit, x_refsource_EXPLOIT-DB |
| http://securityreason.com/securityalert/8527 | third-party-advisory, x_refsource_SREASON |
| http://www.securityfocus.com/bid/49330 | vdb-entry, x_refsource_BID |
| http://www.securityfocus.com/archive/1/519463/100… | mailing-list, x_refsource_BUGTRAQ |
| http://www.kb.cert.org/vuls/id/213486 | third-party-advisory, x_refsource_CERT-VN |
| http://www.securestate.com/Documents/LifeSize_Roo… | x_refsource_MISC |
| http://securityreason.com/securityalert/8363 | third-party-advisory, x_refsource_SREASON |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:15:30.656Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "lifesize-room-command-execution(69444)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69444"
},
{
"name": "17743",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/17743"
},
{
"name": "8527",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8527"
},
{
"name": "49330",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/49330"
},
{
"name": "20110828 LifeSize Room Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/519463/100/0/threaded"
},
{
"name": "VU#213486",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/213486"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securestate.com/Documents/LifeSize_Room_Advisory.txt"
},
{
"name": "8363",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8363"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-08-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The web interface on the LifeSize Room appliance LS_RM1_3.5.3 (11) and 4.7.18 allows remote attackers to execute arbitrary commands via a modified request to the LSRoom_Remoting.doCommand function in gateway.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "lifesize-room-command-execution(69444)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69444"
},
{
"name": "17743",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/17743"
},
{
"name": "8527",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8527"
},
{
"name": "49330",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/49330"
},
{
"name": "20110828 LifeSize Room Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/519463/100/0/threaded"
},
{
"name": "VU#213486",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/213486"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securestate.com/Documents/LifeSize_Room_Advisory.txt"
},
{
"name": "8363",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8363"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-2763",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The web interface on the LifeSize Room appliance LS_RM1_3.5.3 (11) and 4.7.18 allows remote attackers to execute arbitrary commands via a modified request to the LSRoom_Remoting.doCommand function in gateway.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "lifesize-room-command-execution(69444)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69444"
},
{
"name": "17743",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/17743"
},
{
"name": "8527",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8527"
},
{
"name": "49330",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/49330"
},
{
"name": "20110828 LifeSize Room Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/519463/100/0/threaded"
},
{
"name": "VU#213486",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/213486"
},
{
"name": "http://www.securestate.com/Documents/LifeSize_Room_Advisory.txt",
"refsource": "MISC",
"url": "http://www.securestate.com/Documents/LifeSize_Room_Advisory.txt"
},
{
"name": "8363",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8363"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-2763",
"datePublished": "2011-09-02T16:00:00.000Z",
"dateReserved": "2011-07-19T00:00:00.000Z",
"dateUpdated": "2024-08-06T23:15:30.656Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
VAR-201905-0076
Vulnerability from variot - Updated: 2023-12-18 13:43
A Remote Code Execution issue in the DNS Query Web UI in Lifesize Icon LS_RM3_3.7.0 (2421) allows remote authenticated attackers to execute arbitrary commands via a crafted DNS Query address field in a JSON API request. Lifesize Icon contains an input validation vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Lifesize Icon is a video conferencing system from the American company Lifesize. The vulnerability stems from the failure of the network system or product to properly validate input data.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201905-0076",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "icon 500",
"scope": "eq",
"trust": 1.0,
"vendor": "lifesize",
"version": "ls_rm3_3.7.0\\(2421\\)"
},
{
"model": "icon 300",
"scope": "eq",
"trust": 1.0,
"vendor": "lifesize",
"version": "ls_rm3_3.7.0\\(2421\\)"
},
{
"model": "icon 700",
"scope": "eq",
"trust": 1.0,
"vendor": "lifesize",
"version": "ls_rm3_3.7.0\\(2421\\)"
},
{
"model": "icon 300",
"scope": "eq",
"trust": 0.8,
"vendor": "lifesize",
"version": "ls_rm3_3.7.0 (2421)"
},
{
"model": "icon 500",
"scope": "eq",
"trust": 0.8,
"vendor": "lifesize",
"version": "ls_rm3_3.7.0 (2421)"
},
{
"model": "icon 700",
"scope": "eq",
"trust": 0.8,
"vendor": "lifesize",
"version": "ls_rm3_3.7.0 (2421)"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-004549"
},
{
"db": "NVD",
"id": "CVE-2019-3702"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lifesize:icon_300_firmware:ls_rm3_3.7.0\\(2421\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lifesize:icon_300:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lifesize:icon_500_firmware:ls_rm3_3.7.0\\(2421\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lifesize:icon_500:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lifesize:icon_700_firmware:ls_rm3_3.7.0\\(2421\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lifesize:icon_700:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-3702"
}
]
},
"cve": "CVE-2019-3702",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-3702",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-155137",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-3702",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-3702",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201905-332",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-155137",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-155137"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004549"
},
{
"db": "NVD",
"id": "CVE-2019-3702"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-332"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A Remote Code Execution issue in the DNS Query Web UI in Lifesize Icon LS_RM3_3.7.0 (2421) allows remote authenticated attackers to execute arbitrary commands via a crafted DNS Query address field in a JSON API request. Lifesize Icon Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Lifesize Icon is a set of video conferencing system of American Lifesize company. The vulnerability stems from the failure of the network system or product to properly validate the input data",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-3702"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004549"
},
{
"db": "VULHUB",
"id": "VHN-155137"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-3702",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004549",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201905-332",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-155137",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-155137"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004549"
},
{
"db": "NVD",
"id": "CVE-2019-3702"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-332"
}
]
},
"id": "VAR-201905-0076",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-155137"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:43:22.900000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Video conferencing camera systems for any meeting space",
"trust": 0.8,
"url": "https://www.lifesize.com/en/video-conferencing-cameras"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-004549"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
},
{
"problemtype": "CWE-20",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-155137"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004549"
},
{
"db": "NVD",
"id": "CVE-2019-3702"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://atomic111.github.io/article/lifesize-icon-remote-code-execution"
},
{
"trust": 1.7,
"url": "https://www.lifesize.com/en/video-conferencing-cameras"
},
{
"trust": 1.7,
"url": "https://www.sva.de/solutions/it-security.html"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3702"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3702"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-155137"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004549"
},
{
"db": "NVD",
"id": "CVE-2019-3702"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-332"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-155137"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004549"
},
{
"db": "NVD",
"id": "CVE-2019-3702"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-332"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-13T00:00:00",
"db": "VULHUB",
"id": "VHN-155137"
},
{
"date": "2019-06-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-004549"
},
{
"date": "2019-05-13T17:29:03.067000",
"db": "NVD",
"id": "CVE-2019-3702"
},
{
"date": "2019-05-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-332"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-16T00:00:00",
"db": "VULHUB",
"id": "VHN-155137"
},
{
"date": "2019-06-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-004549"
},
{
"date": "2021-07-21T11:39:23.747000",
"db": "NVD",
"id": "CVE-2019-3702"
},
{
"date": "2019-05-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-332"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-332"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Lifesize Icon Input validation vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-004549"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-332"
}
],
"trust": 0.6
}
}
VAR-201902-0255
Vulnerability from variot - Updated: 2023-12-18 13:02
LifeSize Team, Room, Passport, and Networker 220 devices allow Authenticated Remote OS Command Injection, as demonstrated by shell metacharacters in the support/mtusize.php mtu_size parameter. The lifesize default password for the cli account may sometimes be used for authentication. An OS command injection vulnerability exists in multiple LifeSize products. Information may be obtained or altered, and service operation may be disrupted (DoS). LifeSize Team and others are a set of video conferencing solutions from the American company LifeSize. An operating system command injection vulnerability exists in several LifeSize products. An attacker could exploit this vulnerability to inject and run code on the system.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201902-0255",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "room 220",
"scope": "eq",
"trust": 1.0,
"vendor": "lifesize",
"version": null
},
{
"model": "team 220",
"scope": "eq",
"trust": 1.0,
"vendor": "lifesize",
"version": null
},
{
"model": "passport 220",
"scope": "eq",
"trust": 1.0,
"vendor": "lifesize",
"version": null
},
{
"model": "networker 220",
"scope": "eq",
"trust": 1.0,
"vendor": "lifesize",
"version": null
},
{
"model": "networker 220",
"scope": null,
"trust": 0.8,
"vendor": "lifesize",
"version": null
},
{
"model": "passport 220",
"scope": null,
"trust": 0.8,
"vendor": "lifesize",
"version": null
},
{
"model": "room 220",
"scope": null,
"trust": 0.8,
"vendor": "lifesize",
"version": null
},
{
"model": "team 220",
"scope": null,
"trust": 0.8,
"vendor": "lifesize",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-001676"
},
{
"db": "NVD",
"id": "CVE-2019-7632"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lifesize:team_220_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lifesize:team_220:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lifesize:passport_220_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lifesize:passport_220:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lifesize:networker_220_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lifesize:networker_220:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lifesize:room_220_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lifesize:room_220:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-7632"
}
]
},
"cve": "CVE-2019-7632",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2019-7632",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "VHN-159067",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-7632",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-7632",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201902-174",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-159067",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-159067"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001676"
},
{
"db": "NVD",
"id": "CVE-2019-7632"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-174"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "LifeSize Team, Room, Passport, and Networker 220 devices allow Authenticated Remote OS Command Injection, as demonstrated by shell metacharacters in the support/mtusize.php mtu_size parameter. The lifesize default password for the cli account may sometimes be used for authentication. An OS command injection vulnerability exists in multiple LifeSize products. Information may be obtained or altered, and service operation may be disrupted (DoS). LifeSize Team and others are a set of video conferencing solutions from the American company LifeSize. An operating system command injection vulnerability exists in several LifeSize products. An attacker could exploit this vulnerability to inject and run code on the system.",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-7632"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001676"
},
{
"db": "VULHUB",
"id": "VHN-159067"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-7632",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001676",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201902-174",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-159067",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-159067"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001676"
},
{
"db": "NVD",
"id": "CVE-2019-7632"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-174"
}
]
},
"id": "VAR-201902-0255",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-159067"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:02:21.228000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Products",
"trust": 0.8,
"url": "https://www.lifesize.com/en/resources/products"
},
{
"title": "Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=89076"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-001676"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-174"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-159067"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001676"
},
{
"db": "NVD",
"id": "CVE-2019-7632"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=22113"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-7632"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-7632"
},
{
"trust": 0.6,
"url": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=22113exploitthird party advisory"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-159067"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001676"
},
{
"db": "NVD",
"id": "CVE-2019-7632"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-174"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-159067"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001676"
},
{
"db": "NVD",
"id": "CVE-2019-7632"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-174"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-02-08T00:00:00",
"db": "VULHUB",
"id": "VHN-159067"
},
{
"date": "2019-03-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-001676"
},
{
"date": "2019-02-08T05:29:01.197000",
"db": "NVD",
"id": "CVE-2019-7632"
},
{
"date": "2019-02-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201902-174"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-02-08T00:00:00",
"db": "VULHUB",
"id": "VHN-159067"
},
{
"date": "2019-03-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-001676"
},
{
"date": "2019-02-08T19:30:47.563000",
"db": "NVD",
"id": "CVE-2019-7632"
},
{
"date": "2019-04-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201902-174"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-174"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OS command injection vulnerability in multiple LifeSize products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-001676"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system command injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-174"
}
],
"trust": 0.6
}
}
VAR-201109-0091
Vulnerability from variot - Updated: 2023-12-18 12:10
The web interface on the LifeSize Room appliance LS_RM1_3.5.3 (11) allows remote attackers to bypass authentication via unspecified data associated with a "true" authentication status, related to AMF data and the LSRoom_Remoting.authenticate function in gateway.php. LifeSize Room is a high definition video conferencing device. LifeSize Room is prone to a security-bypass vulnerability and a command-injection vulnerability. Exploiting these issues could allow an attacker to bypass authentication or execute arbitrary commands in the context of the application. LifeSize Room versions 3.5.3 and 4.7.18 are affected; other versions may also be vulnerable. Unauthenticated OS command injection is possible through the web interface. The easiest way to perform these attacks is using a web proxy.
Authentication Bypass:
Following the request to /gateway.php that references the LSRoom_Remoting.authenticate function, modify the AMF data in the response from the server to change "false" to "true" Example: Original False AMF: "\x0d\x0a\x0d\x0a\x00\x00\x00\x00\x00\x01\x00\x0c\x2f\x35\x37\x2f\x6f\x6e\x52\x65\x73\x75\x6c\x74\x00\x04\x6e\x75\x6c\x6c\x00\x00\x00\x02\x01\x00" Modified True AMF: "\x0d\x0a\x0d\x0a\x00\x00\x00\x00\x00\x01\x00\x0c\x2f\x35\x37\x2f\x6f\x6e\x52\x65\x73\x75\x6c\x74\x00\x04\x6e\x75\x6c\x6c\xff\xff\xff\xff\x01\x01"
Command Injection:
The request to /gateway.php references a vulnerable function LSRoom_Remoting.doCommand within the encoded AMF data. The original parameter for the vulnerable function is "pref -l /var/system/upgrade/status" Replace this part with the command to be executed. Authentication to the web application is not necessary however a valid PHP session ID must be passed within the request.
References:
CVE-2011-2762 - authentication bypass CVE-2011-2763 - OS command injection
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201109-0091",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "room appliance software",
"scope": "eq",
"trust": 1.6,
"vendor": "lifesize",
"version": "ls_rm1_3.5.3"
},
{
"model": "communications lifesize room",
"scope": "eq",
"trust": 0.9,
"vendor": "lifesize",
"version": "3.5.3"
},
{
"model": "communications lifesize room",
"scope": "eq",
"trust": 0.9,
"vendor": "lifesize",
"version": "4.7.18"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "logitech",
"version": null
},
{
"model": "room",
"scope": "eq",
"trust": 0.8,
"vendor": "lifesize",
"version": "ls_rm1_3.5.3 (11)"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#213486"
},
{
"db": "CNVD",
"id": "CNVD-2011-3535"
},
{
"db": "BID",
"id": "49330"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002226"
},
{
"db": "NVD",
"id": "CVE-2011-2762"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-001"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:lifesize:lifesize_room_appliance_software:ls_rm1_3.5.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lifesize:lifesize_room_appliance:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2011-2762"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Spencer McIntyre",
"sources": [
{
"db": "BID",
"id": "49330"
},
{
"db": "PACKETSTORM",
"id": "104535"
}
],
"trust": 0.4
},
"cve": "CVE-2011-2762",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2011-2762",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2011-2762",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#213486",
"trust": 0.8,
"value": "1.36"
},
{
"author": "CNNVD",
"id": "CNNVD-201109-001",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#213486"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002226"
},
{
"db": "NVD",
"id": "CVE-2011-2762"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-001"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The web interface on the LifeSize Room appliance LS_RM1_3.5.3 (11) allows remote attackers to bypass authentication via unspecified data associated with a \"true\" authentication status, related to AMF data and the LSRoom_Remoting.authenticate function in gateway.php. LifeSize Room is a high definition video conferencing device. LifeSize Room is prone to a security-bypass vulnerability and a command-injection vulnerability. \nExploiting these issues could allow an attacker to bypass authentication or execute arbitrary commands in the context of the application. \nLifeSize Room versions 3.5.3 and 4.7.18 are affected; other versions may also be vulnerable. \nUnauthenticated OS command injection is possible through the web interface. \nThe easiest way to perform these attacks is using a web proxy. \n\n\nAuthentication By Pass:\n-----------------------\nFollowing the request to /gateway.php that references the LSRoom_Remoting.authenticate\nfunction, modify the AMF data in the response from the server to change \"false\" to \"true\"\nExample:\nOriginal False AMF: \"\\x0d\\x0a\\x0d\\x0a\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x0c\\x2f\\x35\\x37\\x2f\\x6f\\x6e\\x52\\x65\\x73\\x75\\x6c\\x74\\x00\\x04\\x6e\\x75\\x6c\\x6c\\x00\\x00\\x00\\x02\\x01\\x00\"\nModified True AMF: \"\\x0d\\x0a\\x0d\\x0a\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x0c\\x2f\\x35\\x37\\x2f\\x6f\\x6e\\x52\\x65\\x73\\x75\\x6c\\x74\\x00\\x04\\x6e\\x75\\x6c\\x6c\\xff\\xff\\xff\\xff\\x01\\x01\"\n\n\nCommand Injection:\n------------------\nThe request to /gateway.php references a vulnerable function LSRoom_Remoting.doCommand\nwithin the encoded AMF data. The original parameter for the vulnerable function is\n\"pref -l /var/system/upgrade/status\" Replace this part with the command to be executed. \nAuthentication to the web application is not necessary however a valid PHP session ID\nmust be passed within the request. 
\n\n\nReferences:\n-----------\nCVE-2011-2762 - authentication bypass\nCVE-2011-2763 - OS command injection\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-2762"
},
{
"db": "CERT/CC",
"id": "VU#213486"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002226"
},
{
"db": "CNVD",
"id": "CNVD-2011-3535"
},
{
"db": "BID",
"id": "49330"
},
{
"db": "PACKETSTORM",
"id": "104535"
}
],
"trust": 3.24
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2011-2762",
"trust": 3.4
},
{
"db": "BID",
"id": "49330",
"trust": 3.3
},
{
"db": "CERT/CC",
"id": "VU#213486",
"trust": 3.2
},
{
"db": "XF",
"id": "69445",
"trust": 1.4
},
{
"db": "SREASON",
"id": "8364",
"trust": 1.0
},
{
"db": "OSVDB",
"id": "75211",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002226",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2011-3535",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20110828 LIFESIZE ROOM VULNERABILITIES",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201109-001",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "104535",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#213486"
},
{
"db": "CNVD",
"id": "CNVD-2011-3535"
},
{
"db": "BID",
"id": "49330"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002226"
},
{
"db": "PACKETSTORM",
"id": "104535"
},
{
"db": "NVD",
"id": "CVE-2011-2762"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-001"
}
]
},
"id": "VAR-201109-0091",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-3535"
}
],
"trust": 1.4333333000000001
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-3535"
}
]
},
"last_update_date": "2023-12-18T12:10:31.954000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "LifeSize Room",
"trust": 0.8,
"url": "http://www.lifesize.com/products/video/lifesize_room_series/room.aspx"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-002226"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-002226"
},
{
"db": "NVD",
"id": "CVE-2011-2762"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "http://www.securityfocus.com/bid/49330"
},
{
"trust": 2.4,
"url": "http://www.kb.cert.org/vuls/id/213486"
},
{
"trust": 1.6,
"url": "http://www.securestate.com/documents/lifesize_room_advisory.txt"
},
{
"trust": 1.4,
"url": "http://xforce.iss.net/xforce/xfdb/69445"
},
{
"trust": 1.0,
"url": "http://securityreason.com/securityalert/8364"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/archive/1/519463/100/0/threaded"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69445"
},
{
"trust": 0.8,
"url": "about vulnerability notes"
},
{
"trust": 0.8,
"url": "contact us about this vulnerability"
},
{
"trust": 0.8,
"url": "provide a vendor statement"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-2762"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu213486"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-2762"
},
{
"trust": 0.8,
"url": "http://osvdb.org/75211"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/519463/100/0/threaded"
},
{
"trust": 0.3,
"url": "http://www.lifesize.com/products/video/lifesize_room_series/room.aspx"
},
{
"trust": 0.1,
"url": "https://www.securestate.com"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-2762"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-2763"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#213486"
},
{
"db": "CNVD",
"id": "CNVD-2011-3535"
},
{
"db": "BID",
"id": "49330"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002226"
},
{
"db": "PACKETSTORM",
"id": "104535"
},
{
"db": "NVD",
"id": "CVE-2011-2762"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-001"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#213486"
},
{
"db": "CNVD",
"id": "CNVD-2011-3535"
},
{
"db": "BID",
"id": "49330"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002226"
},
{
"db": "PACKETSTORM",
"id": "104535"
},
{
"db": "NVD",
"id": "CVE-2011-2762"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-001"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-08-29T00:00:00",
"db": "CERT/CC",
"id": "VU#213486"
},
{
"date": "2011-09-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3535"
},
{
"date": "2011-08-26T00:00:00",
"db": "BID",
"id": "49330"
},
{
"date": "2011-09-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-002226"
},
{
"date": "2011-08-28T21:18:57",
"db": "PACKETSTORM",
"id": "104535"
},
{
"date": "2011-09-02T16:55:04.803000",
"db": "NVD",
"id": "CVE-2011-2762"
},
{
"date": "2011-09-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201109-001"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-10-19T00:00:00",
"db": "CERT/CC",
"id": "VU#213486"
},
{
"date": "2011-09-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3535"
},
{
"date": "2011-08-26T00:00:00",
"db": "BID",
"id": "49330"
},
{
"date": "2011-09-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-002226"
},
{
"date": "2018-10-09T19:33:01.543000",
"db": "NVD",
"id": "CVE-2011-2762"
},
{
"date": "2011-09-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201109-001"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201109-001"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "LifeSize Room appliance authentication bypass and arbitrary code injection vulnerability",
"sources": [
{
"db": "CERT/CC",
"id": "VU#213486"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201109-001"
}
],
"trust": 0.6
}
}
VAR-201109-0092
Vulnerability from variot - Updated: 2023-12-18 12:10
The web interface on the LifeSize Room appliance LS_RM1_3.5.3 (11) and 4.7.18 allows remote attackers to execute arbitrary commands via a modified request to the LSRoom_Remoting.doCommand function in gateway.php. The LifeSize Room appliance contains an authentication bypass and arbitrary code injection vulnerability because it fails to sanitize input from unauthenticated clients. LifeSize Room is a high definition video conferencing device. LifeSize Room is prone to a security-bypass vulnerability and a command-injection vulnerability. LifeSize Room versions 3.5.3 and 4.7.18 are affected; other versions may also be vulnerable.
Discovered: 07-13-11 By: Spencer McIntyre (zeroSteiner) SecureState R&D Team www.securestate.com
Background:
Multiple vulnerabilities within the LifeSize Room appliance.
Vulnerability Summaries:
Login page can be bypassed, granting administrative access to the web interface. Unauthenticated OS command injection is possible through the web interface. The easiest way to perform these attacks is using a web proxy.
Authentication Bypass:
Following the request to /gateway.php that references the LSRoom_Remoting.authenticate function, modify the AMF data in the response from the server to change "false" to "true". Since altering the response is enough to gain access, the login result appears to be enforced by the client rather than by the server.
Example:
Original False AMF: "\x0d\x0a\x0d\x0a\x00\x00\x00\x00\x00\x01\x00\x0c\x2f\x35\x37\x2f\x6f\x6e\x52\x65\x73\x75\x6c\x74\x00\x04\x6e\x75\x6c\x6c\x00\x00\x00\x02\x01\x00"
Modified True AMF: "\x0d\x0a\x0d\x0a\x00\x00\x00\x00\x00\x01\x00\x0c\x2f\x35\x37\x2f\x6f\x6e\x52\x65\x73\x75\x6c\x74\x00\x04\x6e\x75\x6c\x6c\xff\xff\xff\xff\x01\x01"
Command Injection:
The request to /gateway.php references a vulnerable function, LSRoom_Remoting.doCommand, within the encoded AMF data. The original parameter for the vulnerable function is "pref -l /var/system/upgrade/status". Replace this part with the command to be executed. Authentication to the web application is not necessary; however, a valid PHP session ID must be passed within the request. In other words, the function runs a command string supplied by the client, and holding a session ID is not the same as having logged in.
References:
CVE-2011-2762 - authentication bypass
CVE-2011-2763 - OS command injection
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201109-0092",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "room appliance software",
"scope": "eq",
"trust": 1.0,
"vendor": "lifesize",
"version": "ls_rm1_3.5.3"
},
{
"model": "room appliance software",
"scope": "eq",
"trust": 1.0,
"vendor": "lifesize",
"version": "4.7.18"
},
{
"model": "communications lifesize room",
"scope": "eq",
"trust": 0.9,
"vendor": "lifesize",
"version": "3.5.3"
},
{
"model": "communications lifesize room",
"scope": "eq",
"trust": 0.9,
"vendor": "lifesize",
"version": "4.7.18"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "logitech",
"version": null
},
{
"model": "room",
"scope": "eq",
"trust": 0.8,
"vendor": "lifesize",
"version": "4.7.18"
},
{
"model": "room",
"scope": "eq",
"trust": 0.8,
"vendor": "lifesize",
"version": "ls_rm1_3.5.3 (11)"
},
{
"model": "room appliance",
"scope": null,
"trust": 0.6,
"vendor": "lifesize",
"version": null
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#213486"
},
{
"db": "CNVD",
"id": "CNVD-2011-3534"
},
{
"db": "BID",
"id": "49330"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002227"
},
{
"db": "NVD",
"id": "CVE-2011-2763"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-002"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lifesize:lifesize_room_appliance:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:lifesize:lifesize_room_appliance_software:ls_rm1_3.5.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lifesize:lifesize_room_appliance_software:4.7.18:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2011-2763"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Spencer McIntyre",
"sources": [
{
"db": "BID",
"id": "49330"
},
{
"db": "PACKETSTORM",
"id": "104535"
}
],
"trust": 0.4
},
"cve": "CVE-2011-2763",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2011-2763",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2011-2763",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#213486",
"trust": 0.8,
"value": "1.36"
},
{
"author": "CNNVD",
"id": "CNNVD-201109-002",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#213486"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002227"
},
{
"db": "NVD",
"id": "CVE-2011-2763"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-002"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The web interface on the LifeSize Room appliance LS_RM1_3.5.3 (11) and 4.7.18 allows remote attackers to execute arbitrary commands via a modified request to the LSRoom_Remoting.doCommand function in gateway.php. LifeSize Room appliance contains an authentication bypass and arbitrary code injection vulnerability when failing to sanitize input from unauthenticated clients. LifeSize Room is a high definition video conferencing device. LifeSize Room is prone to a security-bypass vulnerability and a command-injection vulnerability. \nLifeSize Room versions 3.5.3 and 4.7.18 are affected; other versions may also be vulnerable. Discovered: 07-13-11\nBy: Spencer McIntyre (zeroSteiner) SecureState R\u0026D Team\nwww.securestate.com\n\n\nBackground:\n-----------\nMultiple vulnerabilities within the LifeSize Room appliance. \n\n\nVulnerability Summaries:\n------------------------\nLogin page can be bypassed, granting administrative access to the web interface. \nUnauthenticated OS command injection is possible through the web interface. \nThe easiest way to perform these attacks is using a web proxy. \n\n\nAuthentication By Pass:\n-----------------------\nFollowing the request to /gateway.php that references the LSRoom_Remoting.authenticate\nfunction, modify the AMF data in the response from the server to change \"false\" to \"true\"\nExample:\nOriginal False AMF: \"\\x0d\\x0a\\x0d\\x0a\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x0c\\x2f\\x35\\x37\\x2f\\x6f\\x6e\\x52\\x65\\x73\\x75\\x6c\\x74\\x00\\x04\\x6e\\x75\\x6c\\x6c\\x00\\x00\\x00\\x02\\x01\\x00\"\nModified True AMF: \"\\x0d\\x0a\\x0d\\x0a\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x0c\\x2f\\x35\\x37\\x2f\\x6f\\x6e\\x52\\x65\\x73\\x75\\x6c\\x74\\x00\\x04\\x6e\\x75\\x6c\\x6c\\xff\\xff\\xff\\xff\\x01\\x01\"\n\n\nCommand Injection:\n------------------\nThe request to /gateway.php references a vulnerable function LSRoom_Remoting.doCommand\nwithin the encoded AMF data. 
The original parameter for the vulnerable function is\n\"pref -l /var/system/upgrade/status\" Replace this part with the command to be executed. \nAuthentication to the web application is not necessary however a valid PHP session ID\nmust be passed within the request. \n\n\nReferences:\n-----------\nCVE-2011-2762 - authentication bypass\nCVE-2011-2763 - OS command injection\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-2763"
},
{
"db": "CERT/CC",
"id": "VU#213486"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002227"
},
{
"db": "CNVD",
"id": "CNVD-2011-3534"
},
{
"db": "BID",
"id": "49330"
},
{
"db": "PACKETSTORM",
"id": "104535"
}
],
"trust": 3.24
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2011-2763",
"trust": 3.4
},
{
"db": "BID",
"id": "49330",
"trust": 3.3
},
{
"db": "CERT/CC",
"id": "VU#213486",
"trust": 3.2
},
{
"db": "EXPLOIT-DB",
"id": "17743",
"trust": 1.6
},
{
"db": "XF",
"id": "69444",
"trust": 1.4
},
{
"db": "SREASON",
"id": "8527",
"trust": 1.0
},
{
"db": "SREASON",
"id": "8363",
"trust": 1.0
},
{
"db": "OSVDB",
"id": "75212",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002227",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2011-3534",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20110828 LIFESIZE ROOM VULNERABILITIES",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201109-002",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "104535",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#213486"
},
{
"db": "CNVD",
"id": "CNVD-2011-3534"
},
{
"db": "BID",
"id": "49330"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002227"
},
{
"db": "PACKETSTORM",
"id": "104535"
},
{
"db": "NVD",
"id": "CVE-2011-2763"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-002"
}
]
},
"id": "VAR-201109-0092",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-3534"
}
],
"trust": 1.4333333000000001
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-3534"
}
]
},
"last_update_date": "2023-12-18T12:10:31.918000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "LifeSize Room",
"trust": 0.8,
"url": "http://www.lifesize.com/products/video/lifesize_room_series/room.aspx"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-002227"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-002227"
},
{
"db": "NVD",
"id": "CVE-2011-2763"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "http://www.securityfocus.com/bid/49330"
},
{
"trust": 2.4,
"url": "http://www.kb.cert.org/vuls/id/213486"
},
{
"trust": 1.6,
"url": "http://www.exploit-db.com/exploits/17743"
},
{
"trust": 1.6,
"url": "http://www.securestate.com/documents/lifesize_room_advisory.txt"
},
{
"trust": 1.4,
"url": "http://xforce.iss.net/xforce/xfdb/69444"
},
{
"trust": 1.0,
"url": "http://securityreason.com/securityalert/8363"
},
{
"trust": 1.0,
"url": "http://securityreason.com/securityalert/8527"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/archive/1/519463/100/0/threaded"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69444"
},
{
"trust": 0.8,
"url": "about vulnerability notes"
},
{
"trust": 0.8,
"url": "contact us about this vulnerability"
},
{
"trust": 0.8,
"url": "provide a vendor statement"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-2763"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu213486"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-2763"
},
{
"trust": 0.8,
"url": "http://osvdb.org/75212"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/519463/100/0/threaded"
},
{
"trust": 0.3,
"url": "http://www.lifesize.com/products/video/lifesize_room_series/room.aspx"
},
{
"trust": 0.1,
"url": "https://www.securestate.com"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-2762"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-2763"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#213486"
},
{
"db": "CNVD",
"id": "CNVD-2011-3534"
},
{
"db": "BID",
"id": "49330"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002227"
},
{
"db": "PACKETSTORM",
"id": "104535"
},
{
"db": "NVD",
"id": "CVE-2011-2763"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-002"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#213486"
},
{
"db": "CNVD",
"id": "CNVD-2011-3534"
},
{
"db": "BID",
"id": "49330"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002227"
},
{
"db": "PACKETSTORM",
"id": "104535"
},
{
"db": "NVD",
"id": "CVE-2011-2763"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-002"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-08-29T00:00:00",
"db": "CERT/CC",
"id": "VU#213486"
},
{
"date": "2011-09-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3534"
},
{
"date": "2011-08-26T00:00:00",
"db": "BID",
"id": "49330"
},
{
"date": "2011-09-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-002227"
},
{
"date": "2011-08-28T21:18:57",
"db": "PACKETSTORM",
"id": "104535"
},
{
"date": "2011-09-02T16:55:04.943000",
"db": "NVD",
"id": "CVE-2011-2763"
},
{
"date": "2011-09-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201109-002"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-10-19T00:00:00",
"db": "CERT/CC",
"id": "VU#213486"
},
{
"date": "2011-09-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3534"
},
{
"date": "2011-08-26T00:00:00",
"db": "BID",
"id": "49330"
},
{
"date": "2011-09-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-002227"
},
{
"date": "2018-10-09T19:33:02.153000",
"db": "NVD",
"id": "CVE-2011-2763"
},
{
"date": "2011-09-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201109-002"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201109-002"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "LifeSize Room appliance authentication bypass and arbitrary code injection vulnerability",
"sources": [
{
"db": "CERT/CC",
"id": "VU#213486"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201109-002"
}
],
"trust": 0.6
}
}