Sign-up

ID

VAR-201902-0255


CVE

CVE-2019-7632


TITLE

plural LifeSize Product In OS Command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-001676

DESCRIPTION

LifeSize Team, Room, Passport, and Networker 220 devices allow Authenticated Remote OS Command Injection, as demonstrated by shell metacharacters in the support/mtusize.php mtu_size parameter. The lifesize default password for the cli account may sometimes be used for authentication. plural LifeSize Product Is OS A command injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. LifeSize Team and others are a set of video conferencing solutions of American LifeSize Company. An operating system command injection vulnerability exists in several LifeSize products. An attacker could exploit this vulnerability to inject and run code on the system

Trust: 1.71

sources: NVD: CVE-2019-7632 // JVNDB: JVNDB-2019-001676 // VULHUB: VHN-159067

AFFECTED PRODUCTS

vendor:lifesizemodel:room 220scope:eqversion: -

Trust: 1.0

vendor:lifesizemodel:team 220scope:eqversion: -

Trust: 1.0

vendor:lifesizemodel:networker 220scope:eqversion: -

Trust: 1.0

vendor:lifesizemodel:passport 220scope:eqversion: -

Trust: 1.0

vendor:lifesizemodel:networker 220scope: - version: -

Trust: 0.8

vendor:lifesizemodel:passport 220scope: - version: -

Trust: 0.8

vendor:lifesizemodel:room 220scope: - version: -

Trust: 0.8

vendor:lifesizemodel:team 220scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-001676 // NVD: CVE-2019-7632

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-7632
value: HIGH

Trust: 1.0

NVD: CVE-2019-7632
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201902-174
value: HIGH

Trust: 0.6

VULHUB: VHN-159067
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-7632
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-159067
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-7632
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-159067 // JVNDB: JVNDB-2019-001676 // CNNVD: CNNVD-201902-174 // NVD: CVE-2019-7632

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.9

sources: VULHUB: VHN-159067 // JVNDB: JVNDB-2019-001676 // NVD: CVE-2019-7632

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201902-174

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-201902-174

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-001676

PATCH
title:Productsurl:https://www.lifesize.com/en/resources/products
Trust: 0.8
title:Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89076
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-001676 // 
            
            
            
            CNNVD: CNNVD-201902-174

EXTERNAL IDS
db:NVDid:CVE-2019-7632
Trust: 2.5
db:JVNDBid:JVNDB-2019-001676
Trust: 0.8
db:CNNVDid:CNNVD-201902-174
Trust: 0.7
db:VULHUBid:VHN-159067
Trust: 0.1
sources:
            
            
            VULHUB: VHN-159067 // 
            
            
            
            JVNDB: JVNDB-2019-001676 // 
            
            
            
            CNNVD: CNNVD-201902-174 // 
            
            
            
            NVD: CVE-2019-7632

REFERENCES
url:https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=22113
Trust: 1.9
url:https://nvd.nist.gov/vuln/detail/cve-2019-7632
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-7632
Trust: 0.8
url:https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=22113exploitthird party advisory
Trust: 0.6
sources:
            
            
            VULHUB: VHN-159067 // 
            
            
            
            JVNDB: JVNDB-2019-001676 // 
            
            
            
            CNNVD: CNNVD-201902-174 // 
            
            
            
            NVD: CVE-2019-7632

SOURCES
db:VULHUBid:VHN-159067
db:JVNDBid:JVNDB-2019-001676
db:CNNVDid:CNNVD-201902-174
db:NVDid:CVE-2019-7632

LAST UPDATE DATE
2024-11-23T22:58:46.777000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-159067date:2019-02-08T00:00:00
db:JVNDBid:JVNDB-2019-001676date:2019-03-20T00:00:00
db:CNNVDid:CNNVD-201902-174date:2019-04-01T00:00:00
db:NVDid:CVE-2019-7632date:2024-11-21T04:48:25.843

SOURCES RELEASE DATE
db:VULHUBid:VHN-159067date:2019-02-08T00:00:00
db:JVNDBid:JVNDB-2019-001676date:2019-03-20T00:00:00
db:CNNVDid:CNNVD-201902-174date:2019-02-08T00:00:00
db:NVDid:CVE-2019-7632date:2019-02-08T05:29:01.197