Vulnerability Description
Polycom BToE Connector before 3.0.0 uses weak permissions (Everyone: Full Control) for "Program Files (x86)\polycom\polycom btoe connector\plcmbtoesrv.exe," which allows local users to gain privileges via a Trojan horse file.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Polycom | Btoe Connector | <= 2.3.0 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/134523/Polycom-BTOE-Connector-2.3.0-Local-PThird Party AdvisoryVDB Entry
- http://seclists.org/fulldisclosure/2015/Nov/88Mailing ListThird Party Advisory
- https://github.com/sbaresearch/advisories/tree/public/2015/Polycom_20150513
- http://packetstormsecurity.com/files/134523/Polycom-BTOE-Connector-2.3.0-Local-PThird Party AdvisoryVDB Entry
- http://seclists.org/fulldisclosure/2015/Nov/88Mailing ListThird Party Advisory
- https://github.com/sbaresearch/advisories/tree/public/2015/Polycom_20150513
FAQ
What is CVE-2015-8300?
CVE-2015-8300 is a vulnerability with a CVSS score of 7.8 (HIGH). Polycom BToE Connector before 3.0.0 uses weak permissions (Everyone: Full Control) for "Program Files (x86)\polycom\polycom btoe connector\plcmbtoesrv.exe," which allows local users to gain privileges...
How severe is CVE-2015-8300?
CVE-2015-8300 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-8300?
Check the references section above for vendor advisories and patch information. Affected products include: Polycom Btoe Connector.