Command execution in Lifesize products



Published: 2019-02-08
Risk High
Patch available NO
Number of vulnerabilities 1
CVE-ID N/A
CWE-ID CWE-78
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
Lifesize Networker
Client/Desktop applications / Office applications

Lifesize Passport
Client/Desktop applications / Office applications

Lifesize Room
Client/Desktop applications / Office applications

Lifesize Team
Client/Desktop applications / Office applications

Vendor Lifesize, Inc.

Security Bulletin

This security bulletin contains one high risk vulnerability.

1) OS Command Injection

EUVDB-ID: #VU17440

Risk: High

CVSSv3.1: 9.1 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:U/RC:C]

CVE-ID: N/A

CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to execute arbitrary shell commands.

The vulnerability exists due to a user input is taken as is from $_REQUEST['mtu_size'] and than passed without any validation into "shell_exec". A remote attacker can trick the victim into visiting a malicious page or opening a malicious file, inject arbitrary shell commands and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address the vulnerability.

Vulnerable software versions

Lifesize Networker: All versions

Lifesize Passport: All versions

Lifesize Room: All versions

Lifesize Team: All versions

External links

http://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=22113


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###