CVE-2015-4683

CRITICAL

Polycom RealPresence Resource Manager < 8.3.2 - Session ID Info Disclosure & Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-4683. PoCs published by SEC Consult.

AI-analyzed exploit summary This is a detailed security advisory from SEC Consult describing multiple critical vulnerabilities in Polycom RealPresence Resource Manager (RPRM) versions <8.4. It includes proof-of-concept details for unauthorized password disclosure, arbitrary file disclosure, and privilege escalation via sudo misconfiguration.

Description

Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows attackers to obtain sensitive information and potentially gain privileges by leveraging use of session identifiers as parameters with HTTP GET requests.

Exploits (1)

exploitdb WRITEUP

by SEC Consult · textwebappshardware

https://www.exploit-db.com/exploits/37449

View Code ZIP pw:eip

This is a detailed security advisory from SEC Consult describing multiple critical vulnerabilities in Polycom RealPresence Resource Manager (RPRM) versions <8.4. It includes proof-of-concept details for unauthorized password disclosure, arbitrary file disclosure, and privilege escalation via sudo misconfiguration.

Classification

Writeup 90%

Attack Type

Info Leak | Auth Bypass | Lpe

Complexity

Moderate

Reliability

Reliable

Target: Polycom RealPresence Resource Manager (RPRM) <8.4

Auth required

Prerequisites: unprivileged authenticated access · valid user token

MITRE ATT&CK