Authenticated Remote OS Command Injection in LifeSize Devices

Authenticated Remote OS Command Injection in LifeSize Devices

CVE-2019-7632 · HIGH Severity

AV:N/AC:L/AU:S/C:C/I:C/A:C

LifeSize Team, Room, Passport, and Networker 220 devices allow Authenticated Remote OS Command Injection, as demonstrated by shell metacharacters in the support/mtusize.php mtu_size parameter. The lifesize default password for the cli account may sometimes be used for authentication.

Learn more about our Network Penetration Testing.