Vulnerabilities for 'Realpresence resource manager'

2017-09-19
 
CVE-2015-4685

CWE-264
 

 
Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows local users with access to the plcm account to gain privileges via a script in /var/polycom/cma/upgrade/scripts, related to a sudo misconfiguration.

 
 
CVE-2015-4684

CWE-255
 

 
Multiple directory traversal vulnerabilities in Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allow (1) remote authenticated users to read arbitrary files via a .. (dot dot) in the Modifier parameter to PlcmRmWeb/FileDownload; or remote authenticated administrators to upload arbitrary files via the (2) Filename or (3) SE_FNAME parameter to PlcmRmWeb/FileUpload or to read and remove arbitrary files via the (4) filePathName parameter in an importSipUriReservations SOAP request to PlcmRmWeb/JUserManager.

 
 
CVE-2015-4683

CWE-264
 

 
Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows attackers to obtain sensitive information and potentially gain privileges by leveraging use of session identifiers as parameters with HTTP GET requests.

 
 
CVE-2015-4682

CWE-200
 

 
Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows remote authenticated users to obtain the installation path via an HTTP POST request to PlcmRmWeb/JConfigManager.

 
 
CVE-2015-4681

CWE-255
 

 
Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows local users to have unspecified impact via vectors related to weak passwords.

 

Vendor: Polycom (29 Products)
Viewstation 128
Viewstation 512
Viewstation dcp
Viewstation fx vs4000
Viewstation h.323
Viewstation mp
Viewstation sp 384
Viewstation v.35
Viavideo
Mgc-100
Mgc-25
Mgc-50
Soundpoint ip 301
Soundpoint ip 650
Soundpoint ip 601
Hdx system software
Realpresence cloudaxis suite
Btoe connector
Unified communications software
Realpresence resource manager
Qdx 6000 firmware
Uc software
Vvx 500 firmware
Vvx 601 firmware
Better together over ethernet connector
Group series
HDX
PANO
Obihai obi1022 firmware


Copyright 2024, cxsecurity.com

 
