CVE-2011-2762

The web interface on the LifeSize Room appliance LS_RM1_3.5.3 (11) allows remote attackers to bypass authentication via unspecified data associated with a true authentication status, related to AMF data and the LSRoom_Remoting.authenticate function in gateway.php.

Weakness

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Affected Software

Name	Vendor	Start Version	End Version
Lifesize_room_appliance_software	Lifesize	ls_rm1_3.5.3 (including)	ls_rm1_3.5.3 (including)

Potential Mitigations

https://cwe.mitre.org/data/definitions/114.html
https://cwe.mitre.org/data/definitions/115.html
https://cwe.mitre.org/data/definitions/151.html
https://cwe.mitre.org/data/definitions/194.html
https://cwe.mitre.org/data/definitions/22.html
https://cwe.mitre.org/data/definitions/57.html
https://cwe.mitre.org/data/definitions/593.html
https://cwe.mitre.org/data/definitions/633.html
https://cwe.mitre.org/data/definitions/650.html
https://cwe.mitre.org/data/definitions/94.html

References

http://securityreason.com/securityalert/8364
http://www.kb.cert.org/vuls/id/213486
http://www.securestate.com/Documents/LifeSize_Room_Advisory.txt
http://www.securityfocus.com/archive/1/519463/100/0/threaded
http://www.securityfocus.com/bid/49330
https://exchange.xforce.ibmcloud.com/vulnerabilities/69445
http://securityreason.com/securityalert/8364
http://www.kb.cert.org/vuls/id/213486
http://www.securestate.com/Documents/LifeSize_Room_Advisory.txt
http://www.securityfocus.com/archive/1/519463/100/0/threaded
http://www.securityfocus.com/bid/49330
https://exchange.xforce.ibmcloud.com/vulnerabilities/69445

NVD	https://nvd.nist.gov/vuln/detail/CVE-2011-2762
CWE	https://cwe.mitre.org/data/definitions/287.html

Improper Authentication

Weakness

Affected Software

Potential Mitigations

Related Attack Patterns

References