CVE-2019-3702

A Remote Code Execution issue in the DNS Query Web UI in Lifesize Icon LS_RM3_3.7.0 (2421) allows remote authenticated attackers to execute arbitrary commands via a crafted DNS Query address field in a JSON API request.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:lifesize:icon_300_firmware:ls_rm3_3.7.0\(2421\):*:*:*:*:*:*:*
cpe:2.3:h:lifesize:icon_300:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:lifesize:icon_500_firmware:ls_rm3_3.7.0\(2421\):*:*:*:*:*:*:*
cpe:2.3:h:lifesize:icon_500:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:lifesize:icon_700_firmware:ls_rm3_3.7.0\(2421\):*:*:*:*:*:*:*
cpe:2.3:h:lifesize:icon_700:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2019-05-13 17:29

Updated : 2024-02-28 17:08


NVD link : CVE-2019-3702

Mitre link : CVE-2019-3702

CVE.ORG link : CVE-2019-3702


JSON object : View

Products Affected

lifesize

  • icon_500_firmware
  • icon_700_firmware
  • icon_700
  • icon_500
  • icon_300
  • icon_300_firmware
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')