Vulnerabilities > CVE-2015-4684 - Credentials Management vulnerability in Polycom Realpresence Resource Manager

047910
CVSS 6.5 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
HIGH
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
NONE
network
low complexity
polycom
CWE-255
exploit available
NVD
Published: 2017-09-19
Updated: 2018-10-09

Summary

Multiple directory traversal vulnerabilities in Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allow (1) remote authenticated users to read arbitrary files via a .. (dot dot) in the Modifier parameter to PlcmRmWeb/FileDownload; or remote authenticated administrators to upload arbitrary files via the (2) Filename or (3) SE_FNAME parameter to PlcmRmWeb/FileUpload or to read and remove arbitrary files via the (4) filePathName parameter in an importSipUriReservations SOAP request to PlcmRmWeb/JUserManager.

Vulnerable Configurations

Part Description Count
Application
Polycom
6

Common Weakness Enumeration (CWE)

Exploit-Db

descriptionPolycom RealPresence Resource Manager < 8.4 - Multiple Vulnerabilities. CVE-2015-4681,CVE-2015-4682,CVE-2015-4683,CVE-2015-4684,CVE-2015-4685. Webapps exp...
fileexploits/hardware/webapps/37449.txt
idEDB-ID:37449
last seen2016-02-04
modified2015-06-30
platformhardware
port
published2015-06-30
reporterSEC Consult
sourcehttps://www.exploit-db.com/download/37449/
titlePolycom RealPresence Resource Manager < 8.4 - Multiple Vulnerabilities
typewebapps

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/132463/SA-20150626-0.txt
idPACKETSTORM:132463
last seen2016-12-05
published2015-06-26
reporterRene Freingruber
sourcehttps://packetstormsecurity.com/files/132463/Polycom-RealPresence-Resource-Manager-RPRM-Disclosure-Traversal.html
titlePolycom RealPresence Resource Manager (RPRM) Disclosure / Traversal

References