Vulnerability Details CVE-2019-7632
LifeSize Team, Room, Passport, and Networker 220 devices allow Authenticated Remote OS Command Injection, as demonstrated by shell metacharacters in the support/mtusize.php mtu_size parameter. The lifesize default password for the cli account may sometimes be used for authentication.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.072
EPSS Ranking 91.2%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 9.0
References
Products affected by CVE-2019-7632
-
cpe:2.3:h:lifesize:networker_220:-
-
cpe:2.3:h:lifesize:passport_220:-
-
cpe:2.3:h:lifesize:room_220:-
-
cpe:2.3:h:lifesize:team_220:-
-
cpe:2.3:o:lifesize:networker_220_firmware:-
-
cpe:2.3:o:lifesize:passport_220_firmware:-
-
cpe:2.3:o:lifesize:room_220_firmware:-
-
cpe:2.3:o:lifesize:team_220_firmware:-