ID

VAR-E-201511-0134

CVE

TITLE

Polycom BTOE Connector 2.3.0 Local Privilege Escalation

DESCRIPTION

Polycom BToE Connector up to version 2.3.0 allows unprivileged windows users to execute arbitrary code with SYSTEM privileges.

AFFECTED PRODUCTS

EXPLOIT

#### Title:
Polycom BToE Connector up to version 2.3.0 allows unprivileged windows
users to execute arbitrary code with SYSTEM privileges.

#### Type of vulnerability:
Privilege Escalation
##### Exploitation vector:
local
##### Attack outcome:
Code execution with SYSTEM privileges.
#### Impact:
CVSS Base Score 6,2
CVSS v2 Vector (AV:L/AC:L/Au:S/C:C/I:C/A:N)
#### Software/Product name:
Polycom BToE Connector
#### Affected versions:
All Versions including 2.3.0

#### Fixed in version:
Version 3.0.0 (Released March 2015)

#### Vendor:
Polycom Inc.
#### CVE number:
CVE-2015-8300
#### Timeline
* `2014-12-19` identification of vulnerability
* `2015-01-01` vendor contacted via customer
* `2015-03-01` vendor released fixed version 3.0.0
* `2015-07-14` contact cve-request@mitre.

#### Credits:
Severin Winkler `swinkler@sba-research.org` (SBA Research)
Ulrich Bayer `ubayer@sba-research.org` (SBA Research)
#### References:
Download secure version 3.0.0
http://support.polycom.com/PolycomService/support/us/support/eula/ucs/UCagreement_BToE_3_0_0.html

#### Description:
The Polycom BToE Connector Version up to version 2.3.0 allows a local
user to gain
local administrator privileges.

The software creates a windows service running with SYSTEM privileges
using the following file (standard installation path):

C:\program files (x86)\polycom\polycom btoe connector\plcmbtoesrv.exe

The default installation allows everyone to replace the plcmbtoesrv.exe
file allowing unprivileged users to execute arbitrary commands on the
windows host.

#### Proof-of-concept:
*none*

EXPLOIT HASH

PRICE

free

TYPE

arbitrary

TAGS

CREDITS

Ulrich Bayer, Severin Winkler

EXTERNAL IDS

REFERENCES

SOURCES

LAST UPDATE DATE

2022-07-27T10:00:50.952000+00:00

SOURCES RELEASE DATE