CVE-2019-15742

HIGH

Poly Plantronics Hub <3.14 - Privilege Escalation

Title source: llm

Description

A local privilege-escalation vulnerability exists in the Poly Plantronics Hub before 3.14 for Windows client application. A local attacker can exploit this issue to gain elevated privileges.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubylocalwindows

https://www.exploit-db.com/exploits/47944

View Code ZIP pw:eip

metasploit WORKING POC EXCELLENT

by Markus Krell, bcoles · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/local/plantronics_hub_spokesupdateservice_privesc.rb

View Code ZIP pw:eip

References (1)

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/155952/Plantronics-Hub-SpokesUpdateService-Privilege-Escalation.html

Scores

CVSS v3 7.8

EPSS 0.0876

EPSS Percentile 92.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

Status published

Products (1)

plantronics/plantronics_hub < 3.14

Published Jan 17, 2020

Tracked Since Feb 18, 2026