Vulnerabilities > CVE-2019-15742 - Unspecified vulnerability in Plantronics HUB
Attack vector
LOCAL Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
A local privilege-escalation vulnerability exists in the Poly Plantronics Hub before 3.14 for Windows client application. A local attacker can exploit this issue to gain elevated privileges.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
id | EDB-ID:47944 |
last seen | 2020-01-17 |
modified | 2020-01-17 |
published | 2020-01-17 |
reporter | Exploit-DB |
source | https://www.exploit-db.com/download/47944 |
title | Plantronics Hub 3.13.2 - SpokesUpdateService Privilege Escalation (Metasploit) |
Metasploit
description | The Plantronics Hub client application for Windows makes use of an automatic update service `SpokesUpdateService.exe` which automatically executes a file specified in the `MajorUpgrade.config` configuration file as SYSTEM. The configuration file is writable by all users by default. This module has been tested successfully on Plantronics Hub version 3.13.2 on Windows 7 SP1 (x64). |
id | MSF:EXPLOIT/WINDOWS/LOCAL/PLANTRONICS_HUB_SPOKESUPDATESERVICE_PRIVESC |
last seen | 2020-06-12 |
modified | 2020-05-08 |
published | 2020-01-03 |
references | |
reporter | Rapid7 |
source | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/local/plantronics_hub_spokesupdateservice_privesc.rb |
title | Plantronics Hub SpokesUpdateService Privilege Escalation |
Packetstorm
data source | https://packetstormsecurity.com/files/download/155952/plantronics_hub_spokesupdateservice_privesc.rb.txt |
id | PACKETSTORM:155952 |
last seen | 2020-01-15 |
published | 2020-01-15 |
reporter | Brendan Coles |
source | https://packetstormsecurity.com/files/155952/Plantronics-Hub-SpokesUpdateService-Privilege-Escalation.html |
title | Plantronics Hub SpokesUpdateService Privilege Escalation |