Vulnerability Details: CVE-2011-2763
Public exploit exists!
The web interface on the LifeSize Room appliance LS_RM1_3.5.3 (11) and 4.7.18 allows remote attackers to execute arbitrary commands via a modified request to the LSRoom_Remoting.doCommand function in gateway.php.
Vulnerability category: Input validation
Products affected by CVE-2011-2763
- cpe:2.3:a:lifesize:lifesize_room_appliance_software:ls_rm1_3.5.3:*:*:*:*:*:*:* (when used together with: Lifesize » Lifesize Room Appliance)
- cpe:2.3:a:lifesize:lifesize_room_appliance_software:4.7.18:*:*:*:*:*:*:* (when used together with: Lifesize » Lifesize Room Appliance)
Exploit prediction scoring system (EPSS) score for CVE-2011-2763
45.66%: Probability of exploitation activity in the next 30 days
~97%: Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2011-2763
- LifeSize Room Command Injection
  Disclosure Date: 2011-07-13
  First seen: 2020-04-26
  exploit/unix/http/lifesize_room
  This module exploits a vulnerable resource in LifeSize Room versions 3.5.3 and 4.7.18 to inject OS commands. LifeSize Room is an appliance and thus the environment is limited, resulting in a small set of payload options.
  Authors: Spencer McIntyre
CVSS scores for CVE-2011-2763
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
CWE ids for CVE-2011-2763
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-2763
- http://www.securestate.com/Documents/LifeSize_Room_Advisory.txt
  Secure State has joined RSM US LLP (RSM) [Exploit]
- http://securityreason.com/securityalert/8363
  LifeSize Room Command Injection - CXSecurity.com
- http://securityreason.com/securityalert/8527
  LifeSize Room Command Injection - CXSecurity.com
- http://www.securityfocus.com/bid/49330
  LifeSize Room Security Bypass and Command Injection Vulnerabilities [Exploit]
- http://www.securityfocus.com/archive/1/519463/100/0/threaded
  SecurityFocus
- http://www.kb.cert.org/vuls/id/213486
  VU#213486 - LifeSize Room appliance authentication bypass and arbitrary code injection vulnerability [US Government Resource]
- https://exchange.xforce.ibmcloud.com/vulnerabilities/69444
  LifeSize Room command execution CVE-2011-2763 Vulnerability Report
- http://www.exploit-db.com/exploits/17743
  LifeSize Room - Command Injection (Metasploit) - PHP webapps Exploit [Exploit]