Remote Code Execution in LifeSize Room Appliance
CVE-2011-2763

Currently unrated

Key Information:

Vendor

Lifesize

CVE Published:
2 September 2011

Badges

Exploit Exists, Public PoC, EPSS 70%

What is CVE-2011-2763?

The web interface of the LifeSize Room appliance in versions LS_RM1_3.5.3 and LS_RM1_4.7.18 is prone to a security flaw that enables remote attackers to execute arbitrary commands. This vulnerability arises from improper handling of requests to the LSRoom_Remoting.doCommand function located in gateway.php. Attackers exploiting this vulnerability can potentially gain unauthorized control over the appliance, leading to significant security implications.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component for weaponization, which could lead to ransomware.

EPSS Score

70% chance of being exploited in the next 30 days.

Timeline

  • Public PoC available

  • Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved