CVE-2015-4685

HIGH

Polycom RealPresence Resource Manager < 8.3.2 - Privilege Escalation via Sudo Misconfiguration

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-4685. PoCs published by SEC Consult.

AI-analyzed exploit summary This is a detailed security advisory from SEC Consult describing multiple critical vulnerabilities in Polycom RealPresence Resource Manager (RPRM) versions <8.4. It includes proof-of-concept details for unauthorized password disclosure, arbitrary file disclosure, and privilege escalation via sudo misconfiguration.

Description

Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows local users with access to the plcm account to gain privileges via a script in /var/polycom/cma/upgrade/scripts, related to a sudo misconfiguration.

Exploits (1)

exploitdb WRITEUP

by SEC Consult · textwebappshardware

https://www.exploit-db.com/exploits/37449

View Code ZIP pw:eip

This is a detailed security advisory from SEC Consult describing multiple critical vulnerabilities in Polycom RealPresence Resource Manager (RPRM) versions <8.4. It includes proof-of-concept details for unauthorized password disclosure, arbitrary file disclosure, and privilege escalation via sudo misconfiguration.

Classification

Writeup 90%

Attack Type

Info Leak | Auth Bypass | Lpe

Complexity

Moderate

Reliability

Reliable

Target: Polycom RealPresence Resource Manager (RPRM) <8.4

Auth required

Prerequisites: unprivileged authenticated access · valid user token

MITRE ATT&CK