A Remote Code Execution issue in the DNS Query Web UI in Lifesize Icon LS_RM3_3.7.0 (2421) allows remote authenticated attackers to execute arbitrary commands via a crafted DNS Query address field in a JSON API request.
References
Link | Resource |
---|---|
https://www.sva.de/solutions/it-security.html | Not Applicable |
https://www.lifesize.com/en/video-conferencing-cameras | Product Vendor Advisory |
https://atomic111.github.io/article/lifesize-icon-remote-code-execution | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Information
Published : 2019-05-13 10:29
Updated : 2021-07-21 04:39
NVD link : CVE-2019-3702
Mitre link : CVE-2019-3702
JSON object : View
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Products Affected
lifesize
- icon_500_firmware
- icon_700
- icon_300_firmware
- icon_300
- icon_700_firmware
- icon_500