CVE-2012-6611

Опубликовано: 10 фев. 2020

Источник: nvd

CVSS3: 9.8

CVSS2: 10

EPSS Низкий

Описание

An issue was discovered in Polycom Web Management Interface G3/HDX 8000 HD with Durango 2.6.0 4740 software and embedded Polycom Linux Development Platform 2.14.g3. It has a blank administrative password by default, and can be successfully used without setting this password.

Ссылки

https://web.archive.org/web/20130320033016/http://blog.tempest.com.br/joao-paulo-campello/path-traversal-on-polycom-web-management-interface.html
Exploit
Third Party Advisory
https://www.exploit-db.com/exploits/43032
Exploit
Third Party Advisory
VDB Entry
https://web.archive.org/web/20130320033016/http://blog.tempest.com.br/joao-paulo-campello/path-traversal-on-polycom-web-management-interface.html
Exploit
Third Party Advisory
https://www.exploit-db.com/exploits/43032
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:polycom:hdx_system_software:*:*:*:*:*:*:*:*

Версия до 3.0.5 (включая)

Одно из

cpe:2.3:h:polycom:hdx_4002:-:*:*:*:*:*:*:*

cpe:2.3:h:polycom:hdx_4500:-:*:*:*:*:*:*:*

cpe:2.3:h:polycom:hdx_6000:-:*:*:*:*:*:*:*

cpe:2.3:h:polycom:hdx_7001:-:*:*:*:*:*:*:*

cpe:2.3:h:polycom:hdx_7002:-:*:*:*:*:*:*:*

cpe:2.3:h:polycom:hdx_8002:-:*:*:*:*:*:*:*

cpe:2.3:h:polycom:hdx_8004:-:*:*:*:*:*:*:*

cpe:2.3:h:polycom:hdx_8006:-:*:*:*:*:*:*:*

cpe:2.3:h:polycom:hdx_9002:-:*:*:*:*:*:*:*

cpe:2.3:h:polycom:hdx_9004:-:*:*:*:*:*:*:*

cpe:2.3:h:polycom:hdx_9006:-:*:*:*:*:*:*:*

EPSS

Процентиль: 76%

0.01008

Низкий

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-798

Связанные уязвимости

GHSA-2287-fg86-7725

github

около 3 лет назад

Polycom HDX Video End Points before 3.0 allows attackers to read arbitrary files via a .. (dot dot) in the name parameter to a_getlog.cgi.