What is CVE-2011-2763?

CVE-2011-2763 is a vulnerability in Lifesize Lifesize_room_appliance, classified under Improper Input Validation. Published 2011-09-02.

Is CVE-2011-2763 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Improper input validation in Lifesize Lifesize_room_appliance

CVE-2011-2763

The web interface on the LifeSize Room appliance LS_RM1_3.5.3 (11) and 4.7.18 allows remote attackers to execute arbitrary commands via a modified request to the LSRoom_Remoting.doCommand function in gateway.php.

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.707 (98.7th percentile) — read the EPSS interpretation.

Affected products

Lifesize Lifesize_room_appliance
Lifesize Lifesize_room_appliance_software — versions 4.7.18, ls_rm1_3.5.3
N/a — versions n/a

Weakness classification (CWE)

CWE-20 — Improper Input Validation

Public proof-of-concept exploits

rapid7/metasploit-framework

References

lifesize-room-command-execution(69444) (vdb-entry, x_refsource_XF)
17743 (Exploit, exploit, x_refsource_EXPLOIT-DB)
8527 (x_refsource_SREASON, third-party-advisory)
49330 (Exploit, vdb-entry, x_refsource_BID)
20110828 LifeSize Room Vulnerabilities (mailing-list, x_refsource_BUGTRAQ)
VU#213486 (x_refsource_CERT-VN, US Government Resource, third-party-advisory)
cve@mitre.org (Exploit, x_refsource_MISC)
8363 (x_refsource_SREASON, third-party-advisory)

Frequently asked questions

What is CVE-2011-2763?: CVE-2011-2763 is a vulnerability in Lifesize Lifesize_room_appliance, classified under Improper Input Validation. Published 2011-09-02.
Is CVE-2011-2763 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.