|Number of vulnerabilities||1|
|Vulnerable software versions||
Lifesize Networker -
Lifesize Passport -
Lifesize Room -
Lifesize Team -
|Vendor URL||Lifesize, Inc.|
The vulnerability allows a remote authenticated attacker to execute arbitrary shell commands.
The vulnerability exists due to a user input is taken as is from $_REQUEST['mtu_size'] and than passed without any validation into "shell_exec". A remote attacker can trick the victim into visiting a malicious page or opening a malicious file, inject arbitrary shell commands and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.Remediation
Cybersecurity Help is currently unaware of any official solution to address the vulnerability.External links