CVE-2015-4685 | Vulnerability Database | Aqua Security

Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows local users with access to the plcm account to gain privileges via a script in /var/polycom/cma/upgrade/scripts, related to a sudo misconfiguration.

Affected Software

Name	Vendor	Start Version	End Version
Realpresence_resource_manager	Polycom	*	8.3.2 (including)

References

http://packetstormsecurity.com/files/132463/Polycom-RealPresence-Resource-Manager-RPRM-Disclosure-Traversal.html
http://seclists.org/fulldisclosure/2015/Jun/81
http://www.securityfocus.com/archive/1/535852/100/0/threaded
http://www.securityfocus.com/bid/75432
https://support.polycom.com/global/documents/support/documentation/Security_Center_Post_for_RPRM_CVEs.pdf
https://www.exploit-db.com/exploits/37449/
http://packetstormsecurity.com/files/132463/Polycom-RealPresence-Resource-Manager-RPRM-Disclosure-Traversal.html
http://seclists.org/fulldisclosure/2015/Jun/81
http://www.securityfocus.com/archive/1/535852/100/0/threaded
http://www.securityfocus.com/bid/75432
https://support.polycom.com/global/documents/support/documentation/Security_Center_Post_for_RPRM_CVEs.pdf
https://www.exploit-db.com/exploits/37449/

NVD	https://nvd.nist.gov/vuln/detail/CVE-2015-4685
CWE	https://cwe.mitre.org/data/definitions/264.html