Local Privilege Escalation in Polycom RealPresence Resource Manager
CVE-2015-4685

7HIGH

Key Information:

Vendor

Polycom

Status
Realpresence Resource Manager
Vendor
CVE Published:
19 September 2017

What is CVE-2015-4685?

A vulnerability in Polycom RealPresence Resource Manager prior to version 8.4 allows local users with access to the plcm account to exploit a misconfiguration in the sudo settings. This weakness can lead to unauthorized privilege escalation, potentially enabling attackers to execute scripts and commands with elevated rights from the /var/polycom/cma/upgrade/scripts directory, threatening the integrity and security of the system.

References

http://www.securityfocus.com/archive/1/535852/100/0/threaded
mailing-listx_refsource_BUGTRAQ
http://packetstormsecurity.com/files/132463/Polycom-RealP...
x_refsource_MISC
http://seclists.org/fulldisclosure/2015/Jun/81
mailing-listx_refsource_FULLDISC

CVSS V3.1

Score:
7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.