Vulnerability Details : CVE-2011-2762
Potential exploit
The web interface on the LifeSize Room appliance LS_RM1_3.5.3 (11) allows remote attackers to bypass authentication via unspecified data associated with a "true" authentication status, related to AMF data and the LSRoom_Remoting.authenticate function in gateway.php.
Products affected by CVE-2011-2762
- cpe:2.3:a:lifesize:lifesize_room_appliance_software:ls_rm1_3.5.3:*:*:*:*:*:*:*When used together with: Lifesize » Lifesize Room Appliance
Exploit prediction scoring system (EPSS) score for CVE-2011-2762
1.12%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 76 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2011-2762
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N |
10.0
|
2.9
|
NIST |
CWE ids for CVE-2011-2762
-
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-2762
-
http://www.securestate.com/Documents/LifeSize_Room_Advisory.txt
Secure State has joined RSM US LLP (RSM)Exploit
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/69445
LifeSize Room security bypass CVE-2011-2762 Vulnerability Report
-
http://www.securityfocus.com/bid/49330
LifeSize Room Security Bypass and Command Injection VulnerabilitiesExploit
-
http://www.securityfocus.com/archive/1/519463/100/0/threaded
SecurityFocus
-
http://www.kb.cert.org/vuls/id/213486
VU#213486 - LifeSize Room appliance authentication bypass and arbitrary code injection vulnerabilityUS Government Resource
-
http://securityreason.com/securityalert/8364
LifeSize Room Vulnerabilities - CXSecurity.com
Jump to