CVE-2015-4684
MEDIUM
Polycom RealPresence Resource Manager < 8.3.2 - Authenticated Directory Traversal and Arbitrary File Upload
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2015-4684. PoCs published by SEC Consult.
AI-analyzed exploit summary: This is a detailed security advisory from SEC Consult describing multiple critical vulnerabilities in Polycom RealPresence Resource Manager (RPRM) versions <8.4. It includes proof-of-concept details for unauthorized password disclosure, arbitrary file disclosure, and privilege escalation via sudo misconfiguration.
Description
Multiple directory traversal vulnerabilities in Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allow (1) remote authenticated users to read arbitrary files via a .. (dot dot) in the Modifier parameter to PlcmRmWeb/FileDownload; or remote authenticated administrators to upload arbitrary files via the (2) Filename or (3) SE_FNAME parameter to PlcmRmWeb/FileUpload or to read and remove arbitrary files via the (4) filePathName parameter in an importSipUriReservations SOAP request to PlcmRmWeb/JUserManager.
Exploits (1)
References (6)
Scores
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N