CVE-2019-3702
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
90.6%
A Remote Code Execution issue in the DNS Query Web UI in Lifesize Icon LS_RM3_3.7.0 (2421) allows remote authenticated attackers to execute arbitrary commands via a crafted DNS Query address field in a JSON API request.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| lifesize | icon_300_firmware | ls_rm3_3.7.0(2421) | cpe:2.3:o:lifesize:icon_300_firmware:ls_rm3_3.7.0\(2421\):*:*:*:*:*:*:* |
| lifesize | icon_300 | - | cpe:2.3:h:lifesize:icon_300:-:*:*:*:*:*:*:* |
| lifesize | icon_500_firmware | ls_rm3_3.7.0(2421) | cpe:2.3:o:lifesize:icon_500_firmware:ls_rm3_3.7.0\(2421\):*:*:*:*:*:*:* |
| lifesize | icon_500 | - | cpe:2.3:h:lifesize:icon_500:-:*:*:*:*:*:*:* |
| lifesize | icon_700_firmware | ls_rm3_3.7.0(2421) | cpe:2.3:o:lifesize:icon_700_firmware:ls_rm3_3.7.0\(2421\):*:*:*:*:*:*:* |
| lifesize | icon_700 | - | cpe:2.3:h:lifesize:icon_700:-:*:*:*:*:*:*:* |
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
90.6%