CVE-2011-2763
7.5 High
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.436 Medium
EPSS
Percentile
97.3%
The web interface on the LifeSize Room appliance LS_RM1_3.5.3 (11) and 4.7.18 allows remote attackers to execute arbitrary commands via a modified request to the LSRoom_Remoting.doCommand function in gateway.php.
References
securityreason.com/securityalert/8363
securityreason.com/securityalert/8527
www.exploit-db.com/exploits/17743
www.kb.cert.org/vuls/id/213486
www.securestate.com/Documents/LifeSize_Room_Advisory.txt
www.securityfocus.com/archive/1/519463/100/0/threaded
www.securityfocus.com/bid/49330
exchange.xforce.ibmcloud.com/vulnerabilities/69444
Related
7.5 High
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.436 Medium
EPSS
Percentile
97.3%