LifeSize Team, Room, Passport, and Networker 220 devices allow Authenticated Remote OS Command Injection, as demonstrated by shell metacharacters in the support/mtusize.php mtu_size parameter. The lifesize default password for the cli account may sometimes be used for authentication.
Max CVSS
9.0
EPSS Score
0.21%
Published
2019-02-08
Updated
2019-02-08
A Remote Code Execution issue in the DNS Query Web UI in Lifesize Icon LS_RM3_3.7.0 (2421) allows remote authenticated attackers to execute arbitrary commands via a crafted DNS Query address field in a JSON API request.
Max CVSS
8.8
EPSS Score
2.41%
Published
2019-05-13
Updated
2021-07-21
Lifesize Express ls ex2_4.7.10 2000 (14) devices allow XSS via the interface/interface.php brand parameter.
Max CVSS
6.1
EPSS Score
0.09%
Published
2020-01-22
Updated
2020-01-24

CVE-2011-2763

Public exploit
The web interface on the LifeSize Room appliance LS_RM1_3.5.3 (11) and 4.7.18 allows remote attackers to execute arbitrary commands via a modified request to the LSRoom_Remoting.doCommand function in gateway.php.
Max CVSS
7.5
EPSS Score
35.95%
Published
2011-09-02
Updated
2018-10-09
The web interface on the LifeSize Room appliance LS_RM1_3.5.3 (11) allows remote attackers to bypass authentication via unspecified data associated with a "true" authentication status, related to AMF data and the LSRoom_Remoting.authenticate function in gateway.php.
Max CVSS
5.0
EPSS Score
1.03%
Published
2011-09-02
Updated
2018-10-09
5 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!