CVE-2015-4685

Опубликовано: 19 сент. 2017

Источник: nvd

CVSS3: 7

CVSS2: 4.4

EPSS Низкий

Описание

Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows local users with access to the plcm account to gain privileges via a script in /var/polycom/cma/upgrade/scripts, related to a sudo misconfiguration.

Ссылки

http://packetstormsecurity.com/files/132463/Polycom-RealPresence-Resource-Manager-RPRM-Disclosure-Traversal.html
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2015/Jun/81
Exploit
Mailing List
Third Party Advisory
VDB Entry
http://www.securityfocus.com/archive/1/535852/100/0/threaded
http://www.securityfocus.com/bid/75432
Third Party Advisory
VDB Entry
https://support.polycom.com/global/documents/support/documentation/Security_Center_Post_for_RPRM_CVEs.pdf
Vendor Advisory
https://www.exploit-db.com/exploits/37449/
Exploit
Third Party Advisory
VDB Entry
http://packetstormsecurity.com/files/132463/Polycom-RealPresence-Resource-Manager-RPRM-Disclosure-Traversal.html
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2015/Jun/81
Exploit
Mailing List
Third Party Advisory
VDB Entry
http://www.securityfocus.com/archive/1/535852/100/0/threaded
http://www.securityfocus.com/bid/75432
Third Party Advisory
VDB Entry
https://support.polycom.com/global/documents/support/documentation/Security_Center_Post_for_RPRM_CVEs.pdf
Vendor Advisory
https://www.exploit-db.com/exploits/37449/
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:polycom:realpresence_resource_manager:*:*:*:*:*:*:*:*

Версия до 8.3.2 (включая)

EPSS

Процентиль: 41%

0.00186

Низкий

7 High

CVSS3

4.4 Medium

CVSS2

Дефекты

CWE-264

Связанные уязвимости

GHSA-jjvr-cr6v-6j24