ID
VAR-201203-0516
TITLE
Polycom Directory Traversal Vulnerabilities and Command Injection Vulnerabilities
Trust: 0.6
DESCRIPTION
Multiple Polycom products are prone to a directory-traversal vulnerability and a command-injection vulnerability because they fail to sufficiently sanitize user-supplied input. Remote attackers can use a specially crafted request with directory-traversal sequences ('../') to retrieve arbitrary files in the context of the application. Attackers can also execute arbitrary commands with the privileges of the user running the application.
Trust: 0.3
AFFECTED PRODUCTS
| vendor: | polycom | model: | web management interface g3/hdx hd | scope: | eq | version: | 8000 | Trust: 0.3 |
| vendor: | polycom | model: | linux development platform 2.14.g3 | scope: | - | version: | - | Trust: 0.3 |
| vendor: | polycom | model: | hdx video end points | scope: | eq | version: | 2.6 | Trust: 0.3 |
| vendor: | polycom | model: | hdx | scope: | eq | version: | 80000 | Trust: 0.3 |
| vendor: | polycom | model: | durango build | scope: | eq | version: | 2.64740 | Trust: 0.3 |
| vendor: | polycom | model: | durango | scope: | eq | version: | 2.6 | Trust: 0.3 |
| vendor: | polycom | model: | uc apl 2.7.1.j | scope: | ne | version: | - | Trust: 0.3 |
| vendor: | polycom | model: | hdx video end points | scope: | ne | version: | 3.0.4 | Trust: 0.3 |
| vendor: | polycom | model: | hdx video end points | scope: | ne | version: | 3.0 | Trust: 0.3 |
THREAT TYPE
remote
Trust: 0.6
TYPE
Input Validation Error
Trust: 0.3
EXTERNAL IDS
| db: | BID | id: | 52301 | Trust: 0.9 |
| db: | CNNVD | id: | CNNVD-201203-053 | Trust: 0.6 |
REFERENCES
| url: | http://www.securityfocus.com/bid/52301 | Trust: 0.6 |
| url: | http://seclists.org/fulldisclosure/2012/mar/18?utm_source=twitterfeed&utm_medium=twitter | Trust: 0.3 |
| url: | http://blog.tempest.com.br/joao-paulo-campello/path-traversal-on-polycom-web-management-interface.html | Trust: 0.3 |
| url: | http://www.polycom.com/ | Trust: 0.3 |
| url: | http://blog.tempest.com.br/joao-paulo-campello/polycom-web-management-interface-os-command-injection.html | Trust: 0.3 |
CREDITS
João Paulo Caldas Campello
Trust: 0.6
SOURCES
| db: | BID | id: | 52301 |
| db: | CNNVD | id: | CNNVD-201203-053 |
LAST UPDATE DATE
2022-05-17T01:45:31.714000+00:00
SOURCES UPDATE DATE
| db: | BID | id: | 52301 | date: | 2013-02-13T09:01:00 |
| db: | CNNVD | id: | CNNVD-201203-053 | date: | 2012-03-07T00:00:00 |
SOURCES RELEASE DATE
| db: | BID | id: | 52301 | date: | 2012-03-05T00:00:00 |
| db: | CNNVD | id: | CNNVD-201203-053 | date: | 2012-03-07T00:00:00 |