Vulnerabilities > CVE-2019-15742 - Unspecified vulnerability in Plantronics HUB

047910
CVSS 7.8 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
local
low complexity
plantronics
exploit available
metasploit

Summary

A local privilege-escalation vulnerability exists in the Poly Plantronics Hub before 3.14 for Windows client application. A local attacker can exploit this issue to gain elevated privileges.

Vulnerable Configurations

Part Description Count
Application
Plantronics
1

Exploit-Db

idEDB-ID:47944
last seen2020-01-17
modified2020-01-17
published2020-01-17
reporterExploit-DB
sourcehttps://www.exploit-db.com/download/47944
titlePlantronics Hub 3.13.2 - SpokesUpdateService Privilege Escalation (Metasploit)

Metasploit

descriptionThe Plantronics Hub client application for Windows makes use of an automatic update service `SpokesUpdateService.exe` which automatically executes a file specified in the `MajorUpgrade.config` configuration file as SYSTEM. The configuration file is writable by all users by default. This module has been tested successfully on Plantronics Hub version 3.13.2 on Windows 7 SP1 (x64).
idMSF:EXPLOIT/WINDOWS/LOCAL/PLANTRONICS_HUB_SPOKESUPDATESERVICE_PRIVESC
last seen2020-06-12
modified2020-05-08
published2020-01-03
references
reporterRapid7
sourcehttps://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/local/plantronics_hub_spokesupdateservice_privesc.rb
titlePlantronics Hub SpokesUpdateService Privilege Escalation

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/155952/plantronics_hub_spokesupdateservice_privesc.rb.txt
idPACKETSTORM:155952
last seen2020-01-15
published2020-01-15
reporterBrendan Coles
sourcehttps://packetstormsecurity.com/files/155952/Plantronics-Hub-SpokesUpdateService-Privilege-Escalation.html
titlePlantronics Hub SpokesUpdateService Privilege Escalation