LifeSize.Room.Security.Bypass.Command.Execution
Description
This indicates an attempt to exploit a Security Bypass vulnerability in LifeSize Communications.
This vulnerability is due to the lack of proper input validation for the command line arguments passed to the various URL protocol handlers. It is possible to trigger this exploit without user interaction, simply by visiting a webpage.
Affected Products
LifeSize Communications LifeSize Room 4.7.18
LifeSize Communications LifeSize Room 3.5.3
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Currently we are not aware of any vendor supplied patches for this issue.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |