Описание
A Remote Code Execution issue in the DNS Query Web UI in Lifesize Icon LS_RM3_3.7.0 (2421) allows remote authenticated attackers to execute arbitrary commands via a crafted DNS Query address field in a JSON API request.
Ссылки
- ExploitThird Party Advisory
- ProductVendor Advisory
- Not Applicable
- ExploitThird Party Advisory
- ProductVendor Advisory
- Not Applicable
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:lifesize:icon_300_firmware:ls_rm3_3.7.0\(2421\):*:*:*:*:*:*:*
cpe:2.3:h:lifesize:icon_300:-:*:*:*:*:*:*:*
Конфигурация 2
Одновременно
cpe:2.3:o:lifesize:icon_500_firmware:ls_rm3_3.7.0\(2421\):*:*:*:*:*:*:*
cpe:2.3:h:lifesize:icon_500:-:*:*:*:*:*:*:*
Конфигурация 3
Одновременно
cpe:2.3:o:lifesize:icon_700_firmware:ls_rm3_3.7.0\(2421\):*:*:*:*:*:*:*
cpe:2.3:h:lifesize:icon_700:-:*:*:*:*:*:*:*
EPSS
Процентиль: 93%
0.10732
Средний
8.8 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-78
Связанные уязвимости
CVSS3: 8.8
github
больше 3 лет назад
A Remote Code Execution issue in the DNS Query Web UI in Lifesize Icon LS_RM3_3.7.0 (2421) allows remote authenticated attackers to execute arbitrary commands via a crafted DNS Query address field in a JSON API request.
EPSS
Процентиль: 93%
0.10732
Средний
8.8 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-78