PT-2011-4072 · Lifesize · Lifesize Room

Spencer Mcintyre

Publicado

2011-09-02

Atualizado

2018-10-09

CVE-2011-2762

CVSS v2.0

5.0

Média

Vetor

AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions LifeSize Room appliance version 3.5.3

Description The issue allows remote attackers to bypass authentication via unspecified data associated with a "true" authentication status, related to AMF data and the LSRoom Remoting.authenticate function in the "gateway.php" endpoint.

Recommendations For version 3.5.3, consider restricting access to the gateway.php endpoint until a patch is available. As a temporary workaround, disabling the LSRoom Remoting.authenticate function may help mitigate the risk of exploitation.

Exploit

Correção

Improper Authentication

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-287

Identificadores relacionados

CVE-2011-2762

Produtos afetados

Lifesize Room

PT-2011-4072 · Lifesize · Lifesize Room

CVE-2011-2762

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7