module
Polycom Command Shell Authorization Bypass
| Disclosed | Created |
|---|---|
| 2013-01-18 | 2018-06-14 |
Disclosed
2013-01-18
Created
2018-06-14
Description
The login component of the Polycom Command Shell on Polycom HDX
video endpoints, running software versions 3.0.5 and earlier,
is vulnerable to an authorization bypass when simultaneous
connections are made to the service, allowing remote network
attackers to gain access to a sandboxed telnet prompt without
authentication. Versions prior to 3.0.4 contain OS command
injection in the ping command which can be used to execute
arbitrary commands as root.
video endpoints, running software versions 3.0.5 and earlier,
is vulnerable to an authorization bypass when simultaneous
connections are made to the service, allowing remote network
attackers to gain access to a sandboxed telnet prompt without
authentication. Versions prior to 3.0.4 contain OS command
injection in the ping command which can be used to execute
arbitrary commands as root.
Authors
Paul Haas Paul.Haas@Security-Assessment.com
h00die mike@shorebreaksecurity.com
h00die mike@shorebreaksecurity.com
Platform
Unix
Architectures
cmd
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.