Polycom BTOE Connector 2.3.0 Local Privilege Escalation

2015.11.26
Risk: Medium
Local: Yes
Remote: No
CWE: CWE-264


Ogólna skala CVSS: 7.2/10
Znaczenie: 10/10
Łatwość wykorzystania: 3.9/10
Wymagany dostęp: Lokalny
Złożoność ataku: Niska
Autoryzacja: Nie wymagana
Wpływ na poufność: Pełny
Wpływ na integralność: Pełny
Wpływ na dostępność: Pełny

#### Title: Polycom BToE Connector up to version 2.3.0 allows unprivileged windows users to execute arbitrary code with SYSTEM privileges. #### Type of vulnerability: Privilege Escalation ##### Exploitation vector: local ##### Attack outcome: Code execution with SYSTEM privileges. #### Impact: CVSS Base Score 6,2 CVSS v2 Vector (AV:L/AC:L/Au:S/C:C/I:C/A:N) #### Software/Product name: Polycom BToE Connector #### Affected versions: All Versions including 2.3.0 #### Fixed in version: Version 3.0.0 (Released March 2015) #### Vendor: Polycom Inc. #### CVE number: CVE-2015-8300 #### Timeline * `2014-12-19` identification of vulnerability * `2015-01-01` vendor contacted via customer * `2015-03-01` vendor released fixed version 3.0.0 * `2015-07-14` contact cve-request@mitre. #### Credits: Severin Winkler `swinkler@sba-research.org` (SBA Research) Ulrich Bayer `ubayer@sba-research.org` (SBA Research) #### References: Download secure version 3.0.0 http://support.polycom.com/PolycomService/support/us/support/eula/ucs/UCagreement_BToE_3_0_0.html #### Description: The Polycom BToE Connector Version up to version 2.3.0 allows a local user to gain local administrator privileges. The software creates a windows service running with SYSTEM privileges using the following file (standard installation path): C:\program files (x86)\polycom\polycom btoe connector\plcmbtoesrv.exe The default installation allows everyone to replace the plcmbtoesrv.exe file allowing unprivileged users to execute arbitrary commands on the windows host. #### Proof-of-concept: *none*

Referencje:

http://support.polycom.com/PolycomService/support/us/support/eula/ucs/UCagreement_BToE_3_0_0.html


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top