Authentication Bypass in LifeSize Room Appliance Remote Interface
CVE-2011-2762

Currently unrated

Key Information:

Vendor: Lifesize
Status: Lifesize Room Appliance Software
Vendor: CVE Published:; 2 September 2011

What is CVE-2011-2762?

The web interface of the LifeSize Room appliance LS_RM1_3.5.3 (11) has a vulnerability that enables remote attackers to circumvent the authentication mechanism. This flaw arises from the handling of AMF data in the LSRoom_Remoting.authenticate function located in gateway.php, which can potentially grant unauthorized access to sensitive features of the device.

References

http://www.securityfocus.com/bid/49330

vdb-entryx_refsource_BID

https://exchange.xforce.ibmcloud.com/vulnerabilities/69445

vdb-entryx_refsource_XF

http://www.securityfocus.com/archive/1/519463/100/0/threaded

mailing-listx_refsource_BUGTRAQ

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 2, 2011
Vulnerability Reserved
Jul 19, 2011

CVE-2011-2762 Data

JSON

Lifesize

What is CVE-2011-2762?

References

Timeline