[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[FD] Plantronics HUB <= 3.21 EoP and DoS
- To: fulldisclosure@xxxxxxxxxxxx
- Subject: [FD] Plantronics HUB <= 3.21 EoP and DoS
- From: Red Timmy Security <publications@xxxxxxxxxxxx>
- Date: Mon, 19 Apr 2021 12:43:47 +0200
CVSS 3.0 score:
7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Description of the Vulnerable Product
Poly is a company with an annual revenue of 1,2 USD billion per year.
They are behind the Plantronics brand producing audio devices for the
segments business and consumer. Their software, Plantronics HUB, allows
end users to customize the settings and view the status of the audio
device plugged in the PC.
Product Homepage:
https://www.poly.com/us/en/support/downloads-apps/hub-desktop
Version(s) Affected:
3.21 (last available) and prior
Tested on
Windows 10 and Windows 8
Vulnerability Description
Plantronics HUB 3.21 (and previous versions) is affected by a privilege
escalation vulnerability allowing any local unprivileged user to acquire
elevated access rights and take full control of the system.
Additionally local attackers can delete arbitrary files from the
filesystem with the privileges of “NT_AUTHORITY\SYSTEM”.
More details can be found here:
https://www.redtimmy.com/when-a-denial-of-service-matters-fighting-with-risk-assessment-guys/
regards
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/