An issue was discovered in Poly EagleEye Director II before 2.2.2.1. Existence of a certain file (which can be created via an rsync backdoor) causes all API calls to execute as admin without authentication.
References
Link | Resource |
---|---|
https://sec-consult.com/de/vulnerability-lab/advisory/poly-eagleeye-director-ii-kritische-schwachstellen/ | Third Party Advisory |
https://sec-consult.com/vulnerability-lab/advisory/critical-vulnerabilities-poly-eagleeye-director-ii/ | Exploit Third Party Advisory |
https://www.poly.com/us/en/support/security-center | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-07-17T22:01:38
Updated: 2022-07-17T22:01:38
Reserved: 2022-03-04T00:00:00
Link: CVE-2022-26479
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-07-17T23:15:08.403
Modified: 2022-07-22T13:25:32.397
Link: CVE-2022-26479
JSON object: View
Redhat Information
No data.
CWE