Skip to content
public
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
advisories/2015/Polycom_20150513/
advisories/2015/Polycom_20150513/

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 

Polycom BToE Connector Privilege Escalation Vulnerability

Vulnerability Overview

Polycom BToE Connector up to version 2.3.0 allows unprivileged windows users to execute arbitrary code with SYSTEM privileges.

  • Identifier : Polycom_20150513
  • Type of Vulnerability : Privilege Escalation
  • Exploitation Vector : local
  • Software/Product Name : Polycom BToE Connector
  • Vendor : Polycom Inc.
  • Affected Versions : All Version including 2.3.0
  • Fixed in Version : Versions 3.0.0 (Released March 2015)
  • CVE ID : CVE-2015-8300
  • CVSSv2 Vector : (AV:L/AC:L/Au:S/C:C/I:C/A:N)
  • CVSSv2 Base Score : 6.2

Impact

Code execution with SYSTEM privileges.

Vulnerability Description

The Polycom BToE Connector Version up to version 2.3.0 allows a local user to gain local administrator privileges.

The software creates a windows service running with SYSTEM privileges using the following file (standard installation path):

C:\program files (x86)\polycom\polycom btoe connector\plcmbtoesrv.exe

The default installation allows everyone to replace the plcmbtoesrv.exe file allowing unprivileged users to execute arbitrary commands on the windows host.

Proof-of-Concept

none

Timeline

  • 2014-12-19 identification of vulnerability
  • 2015-01-01 vendor contacted via customer
  • 2015-03-01 vendor released fixed version 3.0.0
  • 2015-07-14 contact cve-request@mitre.

References

Credits