CVE-2015-8300

Опубликовано: 28 авг. 2017

Источник: nvd

CVSS3: 7.8

CVSS2: 7.2

EPSS Низкий

Описание

Polycom BToE Connector before 3.0.0 uses weak permissions (Everyone: Full Control) for "Program Files (x86)\polycom\polycom btoe connector\plcmbtoesrv.exe," which allows local users to gain privileges via a Trojan horse file.

Ссылки

http://packetstormsecurity.com/files/134523/Polycom-BTOE-Connector-2.3.0-Local-Privilege-Escalation.html
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2015/Nov/88
Mailing List
Third Party Advisory
https://github.com/sbaresearch/advisories/tree/public/2015/Polycom_20150513
http://packetstormsecurity.com/files/134523/Polycom-BTOE-Connector-2.3.0-Local-Privilege-Escalation.html
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2015/Nov/88
Mailing List
Third Party Advisory
https://github.com/sbaresearch/advisories/tree/public/2015/Polycom_20150513

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:polycom:btoe_connector:*:*:*:*:*:*:*:*

Версия до 2.3.0 (включая)

EPSS

Процентиль: 12%

0.00041

Низкий

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-275

Связанные уязвимости

GHSA-5872-5h7r-356m