CVE-2011-2763

Exploit

EPSS 70.15%
Veröffentlicht 02.09.2011 16:55:04
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

The web interface on the LifeSize Room appliance LS_RM1_3.5.3 (11) and 4.7.18 allows remote attackers to execute arbitrary commands via a modified request to the LSRoom_Remoting.doCommand function in gateway.php.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 11

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Lifesize ≫ Lifesize Room Appliance Software Version4.7.18

Lifesize ≫ Lifesize Room Appliance

Lifesize ≫ Lifesize Room Appliance Software Versionls_rm1_3.5.3

Lifesize ≫ Lifesize Room Appliance

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	70.15%	0.986

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.kb.cert.org/vuls/id/213486

US Government Resource

http://www.securestate.com/Documents/LifeSize_Room_Advisory.txt

Exploit

http://www.securityfocus.com/archive/1/519463/100/0/threaded

http://www.securityfocus.com/bid/49330

Exploit

http://securityreason.com/securityalert/8363

http://securityreason.com/securityalert/8527

http://www.exploit-db.com/exploits/17743

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/69444