The login component of the Polycom Command Shell on Polycom HDX video endpoints, running software versions 3.0.5 and earlier, is vulnerable to an authorization bypass when simultaneous connections are made to the service, allowing remote network attackers to gain access to a sandboxed telnet prompt without authentication. Versions prior to 3.0.4 contain OS command injection in the ping command which can be used to execute arbitrary commands as root.
737f912aedaeba8a1d57b9dc8bd11fe5911f1fbdc0923fc3bb63f868636273f6The login component of the Polycom Command Shell on Polycom HDX video endpints, running software versions 3.0.5 and earlier, is vulnerable to an authorization bypass when simultaneous connections are made to the service, allowing remote network attackers to gain access to a sandboxed telnet prompt without authentication. Versions prior to 3.0.4 contain OS command injection in the ping command which can be used to execute arbitrary commands as root.
548cc509510583c6e9073f79cf341d4f7d444c54333db5eee6854c756f2f9ecfThe Polycom HDX is a series of telecommunication and video devices. The telnet component of Polycom HDX video endpoint devices is vulnerable to an authorization bypass when multiple simultaneous connections are repeatedly made to the service, allowing remote network attackers to gain full access to a Polycom command prompt without authentication. Versions prior to 3.0.4 also contain OS command injection in the ping command which can be used to escape the telnet prompt and execute arbitrary commands as root. Full Metasploit module included.
d6c612cfdc86b1458e81dbbcb92971210f9f19604de9afd1da509ddb21eceac2Ultr@VNC 1.0.1 Client Buffer Overflow exploit. Spawns an instance of calc.exe.
2fcdc0f17a5a95906e55a96c88e2e56425da544a1bfe0f190964c31c98046b57
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed