LifeSize ClearSea Directory Traversal Vulnerability Allowing Remote Code Execution
Vulnerability
A directory traversal vulnerability has been identified in LifeSize ClearSea version 3.1.4. This vulnerability allows authenticated attackers to manipulate path parameters in the smartgui interface to download and upload arbitrary files. Exploiting the upload endpoint with directory traversal sequences can lead to remote code execution by writing files to arbitrary locations on the system.
Impact
Exploitation of this vulnerability allows for remote code execution on the affected system.
Reproduction
To reproduce this vulnerability, authenticate as an admin user on the LifeSize ClearSea Control Panel. Once authenticated, the directory traversal vulnerability can be exploited by sending a request to the smartgui media endpoint with crafted path parameters that traverse directories. This can be done using a script that automates the authentication process and uploads a file using directory traversal sequences to bypass file upload restrictions.
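Mitigation
The containment check that closes this class of upload traversal, shown beside the unchecked join it replaces. This is an added example, not code from LifeSize or from this advisory; `MEDIA_ROOT`, the function names and the sample paths are assumptions, since the page does not show the product's upload handler.

```python
import os
from urllib.parse import unquote

# Assumption: uploads are meant to stay under this directory (hypothetical path).
MEDIA_ROOT = "/srv/app/media"


class UnsafePath(ValueError):
    """Client-supplied path would land outside the upload root."""


def naive_destination(root, client_path):
    # Vulnerable pattern: the client value is joined with no containment check,
    # so "../" segments decide where the file ends up.
    return os.path.normpath(os.path.join(root, client_path))


def safe_destination(root, client_path):
    # Undo nested percent-encoding (e.g. %252e%252e%252f) before inspecting.
    decoded = client_path
    for _ in range(3):
        step = unquote(decoded)
        if step == decoded:
            break
        decoded = step
    else:
        raise UnsafePath("path is encoded too many times")
    # Treat backslashes as separators; refuse empty, NUL and absolute paths.
    decoded = decoded.replace("\\", "/")
    if not decoded or "\x00" in decoded or decoded.startswith("/"):
        raise UnsafePath("empty path, absolute path or NUL byte")
    # Resolve symlinks and ".." and require the result to stay under the root.
    root_real = os.path.realpath(root)
    target = os.path.realpath(os.path.join(root_real, decoded))
    if os.path.commonpath([root_real, target]) != root_real:
        raise UnsafePath("path escapes the upload root")
    return target


if __name__ == "__main__":
    # Constructed sample inputs.
    for p in ["logos/site.png", "../../outside/file.txt", "..%252f..%252foutside"]:
        try:
            print(p, "->", safe_destination(MEDIA_ROOT, p))
        except UnsafePath as exc:
            print(p, "-> rejected:", exc)
```

The check runs on the fully decoded, resolved path, so encoded separators and symlinks inside the upload directory are covered by the same comparison.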
