CVE-2019-3702

A Remote Code Execution issue in the DNS Query Web UI in Lifesize Icon LS_RM3_3.7.0 (2421) allows remote authenticated attackers to execute arbitrary commands via a crafted DNS Query address field in a JSON API request.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:lifesize:icon_300_firmware:ls_rm3_3.7.0\(2421\):*:*:*:*:*:*:*
cpe:2.3:h:lifesize:icon_300:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:lifesize:icon_500_firmware:ls_rm3_3.7.0\(2421\):*:*:*:*:*:*:*
cpe:2.3:h:lifesize:icon_500:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:lifesize:icon_700_firmware:ls_rm3_3.7.0\(2421\):*:*:*:*:*:*:*
cpe:2.3:h:lifesize:icon_700:-:*:*:*:*:*:*:*

Information

Published : 2019-05-13 10:29

Updated : 2021-07-21 04:39


NVD link : CVE-2019-3702

Mitre link : CVE-2019-3702


JSON object : View

CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Advertisement

dedicated server usa

Products Affected

lifesize

  • icon_500_firmware
  • icon_700
  • icon_300_firmware
  • icon_300
  • icon_700_firmware
  • icon_500