CVE-2015-4685
CVE-2015-4685
Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows local users with access to the plcm account to gain privileges via a script in /var/polycom/cma/upgrade/scripts, related to a sudo misconfiguration.
Affected products
n/a · n/apublic PoCs found — 3
cve_referencepacketstormsecurity.com/files/132463/Polycom-RealPresence-Resource-Manager-RPRM-Disclosure-Traversal.htmlunverifiedcve_referencewww.exploit-db.com/exploits/37449/unverifiedexploitdbwww.exploit-db.com/exploits/37449unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://packetstormsecurity.com/files/132463/Polycom-RealPresence-Resource-Manager-RPRM-Disclosure-Traversal.htmlhttp://seclists.org/fulldisclosure/2015/Jun/81https://support.polycom.com/global/documents/support/documentation/Security_Center_Post_for_RPRM_CVEs.pdfhttps://www.exploit-db.com/exploits/37449/http://www.securityfocus.com/archive/1/535852/100/0/threadedhttp://www.securityfocus.com/bid/75432