CVE-2015-4682

MEDIUM

Polycom RealPresence Resource Manager < 8.3.2 - Authenticated Installation Path Exposure via JConfigManager

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-4682. PoCs published by SEC Consult.

AI-analyzed exploit summary This is a detailed security advisory from SEC Consult describing multiple critical vulnerabilities in Polycom RealPresence Resource Manager (RPRM) versions <8.4. It includes proof-of-concept details for unauthorized password disclosure, arbitrary file disclosure, and privilege escalation via sudo misconfiguration.

Description

Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows remote authenticated users to obtain the installation path via an HTTP POST request to PlcmRmWeb/JConfigManager.

Exploits (1)

exploitdb WRITEUP

by SEC Consult · textwebappshardware

https://www.exploit-db.com/exploits/37449

View Code ZIP pw:eip

This is a detailed security advisory from SEC Consult describing multiple critical vulnerabilities in Polycom RealPresence Resource Manager (RPRM) versions <8.4. It includes proof-of-concept details for unauthorized password disclosure, arbitrary file disclosure, and privilege escalation via sudo misconfiguration.

Classification

Writeup 90%

Attack Type

Info Leak | Auth Bypass | Lpe

Complexity

Moderate

Reliability

Reliable

Target: Polycom RealPresence Resource Manager (RPRM) <8.4

Auth required

Prerequisites: unprivileged authenticated access · valid user token

MITRE ATT&CK