Vulnerability Details CVE-2019-3702
A Remote Code Execution issue in the DNS Query Web UI in Lifesize Icon LS_RM3_3.7.0 (2421) allows remote authenticated attackers to execute arbitrary commands via a crafted DNS Query address field in a JSON API request.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.112
EPSS Ranking 93.2%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.5
References
- https://atomic111.github.io/article/lifesize-icon-remote-code-execution
- https://www.lifesize.com/en/video-conferencing-cameras
- https://www.sva.de/solutions/it-security.html
- https://atomic111.github.io/article/lifesize-icon-remote-code-execution
- https://www.lifesize.com/en/video-conferencing-cameras
- https://www.sva.de/solutions/it-security.html
Products affected by CVE-2019-3702
-
cpe:2.3:h:lifesize:icon_300:-
-
cpe:2.3:h:lifesize:icon_500:-
-
cpe:2.3:h:lifesize:icon_700:-
-
cpe:2.3:o:lifesize:icon_300_firmware:ls_rm3_3.7.0(2421)
-
cpe:2.3:o:lifesize:icon_500_firmware:ls_rm3_3.7.0(2421)
-
cpe:2.3:o:lifesize:icon_700_firmware:ls_rm3_3.7.0(2421)