CVE-2019-3702

A Remote Code Execution issue in the DNS Query Web UI in Lifesize Icon LS_RM3_3.7.0 (2421) allows remote authenticated attackers to execute arbitrary commands via a crafted DNS Query address field in a JSON API request.

Configurations

Configuration 1

AND
cpe:2.3:o:lifesize:icon_300_firmware:ls_rm3_3.7.0\(2421\):*:*:*:*:*:*:*
cpe:2.3:h:lifesize:icon_300:-:*:*:*:*:*:*:*

Configuration 2

AND
cpe:2.3:o:lifesize:icon_500_firmware:ls_rm3_3.7.0\(2421\):*:*:*:*:*:*:*
cpe:2.3:h:lifesize:icon_500:-:*:*:*:*:*:*:*

Configuration 3

AND
cpe:2.3:o:lifesize:icon_700_firmware:ls_rm3_3.7.0\(2421\):*:*:*:*:*:*:*
cpe:2.3:h:lifesize:icon_700:-:*:*:*:*:*:*:*

History

21 Nov 2024, 04:42

Type | Values Removed | Values Added
References | https://atomic111.github.io/article/lifesize-icon-remote-code-execution - Exploit, Third Party Advisory | https://atomic111.github.io/article/lifesize-icon-remote-code-execution - Exploit, Third Party Advisory
References | https://www.lifesize.com/en/video-conferencing-cameras - Product, Vendor Advisory | https://www.lifesize.com/en/video-conferencing-cameras - Product, Vendor Advisory
References | https://www.sva.de/solutions/it-security.html - Not Applicable | https://www.sva.de/solutions/it-security.html - Not Applicable

Information

Published : 2019-05-13 17:29

Updated : 2024-11-21 04:42


NVD link : CVE-2019-3702

Mitre link : CVE-2019-3702

CVE.ORG link : CVE-2019-3702



Products Affected

lifesize

  • icon_500_firmware
  • icon_300_firmware
  • icon_700_firmware
  • icon_300
  • icon_700
  • icon_500

CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')