| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <735ae4de6408d4d0e510f571b2f2758a@redtimmy.com> Date: Mon, 19 Apr 2021 12:43:47 +0200 From: Red Timmy Security <publications@...timmy.com> To: fulldisclosure@...lists.org Subject: [FD] Plantronics HUB <= 3.21 EoP and DoS CVSS 3.0 score: 7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) Description of the Vulnerable Product Poly is a company with an annual revenue of 1,2 USD billion per year. They are behind the Plantronics brand producing audio devices for the segments business and consumer. Their software, Plantronics HUB, allows end users to customize the settings and view the status of the audio device plugged in the PC. Product Homepage: https://www.poly.com/us/en/support/downloads-apps/hub-desktop Version(s) Affected: 3.21 (last available) and prior Tested on Windows 10 and Windows 8 Vulnerability Description Plantronics HUB 3.21 (and previous versions) is affected by a privilege escalation vulnerability allowing any local unprivileged user to acquire elevated access rights and take full control of the system. Additionally local attackers can delete arbitrary files from the filesystem with the privileges of “NT_AUTHORITY\SYSTEM”. More details can be found here: https://www.redtimmy.com/when-a-denial-of-service-matters-fighting-with-risk-assessment-guys/ regards _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists