Auth bypass in Lifesize Lifesize_room_appliance

CVE-2011-2762

The web interface on the LifeSize Room appliance LS_RM1_3.5.3 (11) allows remote attackers to bypass authentication via unspecified data associated with a "true" authentication status, related to AMF data and the LSRoom_Remoting.authentica…

Vulnerability class: Broken Authentication

EPSS: 0.008 (75.0th percentile) — read the EPSS interpretation.

Affected products

Lifesize Lifesize_room_appliance
Lifesize Lifesize_room_appliance_software — versions ls_rm1_3.5.3
N/a — versions n/a

Weakness classification (CWE)

CWE-287 — Improper Authentication

References

49330 (Exploit, vdb-entry, x_refsource_BID)
lifesize-room-security-bypass(69445) (vdb-entry, x_refsource_XF)
20110828 LifeSize Room Vulnerabilities (mailing-list, x_refsource_BUGTRAQ)
VU#213486 (x_refsource_CERT-VN, US Government Resource, third-party-advisory)
8364 (x_refsource_SREASON, third-party-advisory)
cve@mitre.org (Exploit, x_refsource_MISC)