Attack vector
NETWORK Attack complexity
LOW Privileges required
HIGH Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
NONE Published: 2017-09-19
Updated: 2024-11-21
Summary
Multiple directory traversal vulnerabilities in Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allow (1) remote authenticated users to read arbitrary files via a .. (dot dot) in the Modifier parameter to PlcmRmWeb/FileDownload; or remote authenticated administrators to upload arbitrary files via the (2) Filename or (3) SE_FNAME parameter to PlcmRmWeb/FileUpload or to read and remove arbitrary files via the (4) filePathName parameter in an importSipUriReservations SOAP request to PlcmRmWeb/JUserManager.
Vulnerable Configurations
Part | Description | Count |
Application | Polycom | 6 |
Common Weakness Enumeration (CWE)
Exploit-Db
description | Polycom RealPresence Resource Manager < 8.4 - Multiple Vulnerabilities. CVE-2015-4681,CVE-2015-4682,CVE-2015-4683,CVE-2015-4684,CVE-2015-4685. Webapps exp... |
file | exploits/hardware/webapps/37449.txt |
id | EDB-ID:37449 |
last seen | 2016-02-04 |
modified | 2015-06-30 |
platform | hardware |
port | |
published | 2015-06-30 |
reporter | SEC Consult |
source | https://www.exploit-db.com/download/37449/ |
title | Polycom RealPresence Resource Manager < 8.4 - Multiple Vulnerabilities |
type | webapps |