MidnightBSD

Advisories for lifesize

CVE-2011-2762 MEDIUM

The web interface on the LifeSize Room appliance LS_RM1_3.5.3 (11) allows remote attackers to bypass authentication via unspecified data associated with a "true" authentication status, related to AMF data and the LSRoom_Remoting.authenticate function in gateway.php.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
lifesize lifesize_room_appliance_software ls_rm1_3.5.3
CVE-2011-2763 HIGH

The web interface on the LifeSize Room appliance LS_RM1_3.5.3 (11) and 4.7.18 allows remote attackers to execute arbitrary commands via a modified request to the LSRoom_Remoting.doCommand function in gateway.php.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
lifesize lifesize_room_appliance_software ls_rm1_3.5.3
lifesize lifesize_room_appliance_software 4.7.18
CVE-2018-17981 MEDIUM

Lifesize Express ls ex2_4.7.10 2000 (14) devices allow XSS via the interface/interface.php brand parameter.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
lifesize express_220_firmware ls_ex2_4.7.10_2000_(14)
lifesize room_220i_firmware ls_rm2_4.11.8_(14)
CVE-2019-3702 MEDIUM

A Remote Code Execution issue in the DNS Query Web UI in Lifesize Icon LS_RM3_3.7.0 (2421) allows remote authenticated attackers to execute arbitrary commands via a crafted DNS Query address field in a JSON API request.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-78,

Products Affected

Vendor Product Version
lifesize icon_300_firmware ls_rm3_3.7.0(2421)
lifesize icon_700_firmware ls_rm3_3.7.0(2421)
lifesize icon_500_firmware ls_rm3_3.7.0(2421)
CVE-2019-7632 HIGH

LifeSize Team, Room, Passport, and Networker 220 devices allow Authenticated Remote OS Command Injection, as demonstrated by shell metacharacters in the support/mtusize.php mtu_size parameter. The lifesize default password for the cli account may sometimes be used for authentication.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
lifesize networker_220_firmware -
lifesize team_220_firmware -
lifesize passport_220_firmware -
lifesize room_220_firmware -