CVE-2019-7632
Last modified
CVE-2019-7632 is a vulnerability of currently unknown severity. LifeSize Team, Room, Passport, and Networker 220 devices allow Authenticated Remote OS Command Injection, as demonstrated by shell metacharacters in the support/mtusize.php mtu_size parameter. The lifesize default password for the cli account may sometimes be used for authentication.. EPSS estimates a 6.49% chance of exploitation in the next 30 days.
Description
LifeSize Team, Room, Passport, and Networker 220 devices allow Authenticated Remote OS Command Injection, as demonstrated by shell metacharacters in the support/mtusize.php mtu_size parameter. The lifesize default password for the cli account may sometimes be used for authentication.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Lifesize | Team 220 Firmware | All versions |
| Lifesize | Passport 220 Firmware | All versions |
| Lifesize | Networker 220 Firmware | All versions |
| Lifesize | Room 220 Firmware | All versions |
References
- https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=22113Exploit, Third Party Advisory
- https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=22113Exploit, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2019-7632?
How severe is CVE-2019-7632?
How do I fix CVE-2019-7632?
Are you affected by CVE-2019-7632?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST