Vulnerability Description
An issue was discovered in Poly EagleEye Director II before 2.2.2.1. Existence of a certain file (which can be created via an rsync backdoor) causes all API calls to execute as admin without authentication.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Poly | EagleEye Director II Firmware | < 2.2.2.1 |
| Poly | EagleEye Director II | - |
Related Weaknesses (CWE)
References
- https://sec-consult.com/de/vulnerability-lab/advisory/poly-eagleeye-director-ii- (Third Party Advisory)
- https://sec-consult.com/vulnerability-lab/advisory/critical-vulnerabilities-poly (Exploit, Third Party Advisory)
- https://www.poly.com/us/en/support/security-center (Vendor Advisory)
FAQ
What is CVE-2022-26479?
CVE-2022-26479 is a vulnerability with a CVSS score of 9.8 (CRITICAL). An issue was discovered in Poly EagleEye Director II before 2.2.2.1. Existence of a certain file (which can be created via an rsync backdoor) causes all API calls to execute as admin without authentic...
How severe is CVE-2022-26479?
CVE-2022-26479 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2022-26479?
Check the references section above for vendor advisories and patch information. Affected products include: Poly EagleEye Director II Firmware, Poly EagleEye Director II.