Attacker Value
Low
(1 user assessed)
Exploitability
Very High
(1 user assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2011-2763

Disclosure Date: September 02, 2011
CVE-2011-2763
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

The web interface on the LifeSize Room appliance LS_RM1_3.5.3 (11) and 4.7.18 allows remote attackers to execute arbitrary commands via a modified request to the LSRoom_Remoting.doCommand function in gateway.php.

Add Assessment

1
Ratings
  • Attacker Value
    Low
  • Exploitability
    Very High
Technical Analysis

The request to /gateway.php references a vulnerable function LSRoom_Remoting.doCommand within the encoded AMF data. The original parameter for the vulnerable function is “pref -l /var/system/upgrade/status” Replace this part with the command to be executed. Authentication to the web application is not necessary however a valid PHP session ID must be passed within the request.

Log in to Add Reply

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
exploit/unix/http/lifesize_room
Reporter
Unknown
Technical Analysis