cve/2015/CVE-2015-4685.md

CVE-2015-4685

Description

Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows local users with access to the plcm account to gain privileges via a script in /var/polycom/cma/upgrade/scripts, related to a sudo misconfiguration.

POC

Reference

• http://packetstormsecurity.com/files/132463/Polycom-RealPresence-Resource-Manager-RPRM-Disclosure-Traversal.html
• http://seclists.org/fulldisclosure/2015/Jun/81
• https://www.exploit-db.com/exploits/37449/

Github

• https://github.com/ARPSyndicate/cvemon