Authorization bypass in Polycom

Good morning ethical hackers. Polycom HDX devices are popular worldwide for video conferencing. They are fit for meeting rooms and conference halls of various sizes as they support 1 to 3 displays. The login component of the Polycom Command Shell on Polycom HDX video endpoints, running software versions 3.0.5 and earlier, is vulnerable to an authorization bypass when simultaneous connections are made to the service, allowing remote network attackers to gain access to a sandboxed telnet prompt without authentication.

So when all the conventional methods to get access to a network, this can work as an entry point of course if they are using this product. Let us see how this can be used in our pen test. Start Metasploit and load the exploit as shown below.

Set the target and check if it’s vulnerable as shown below using “check” command.

You can use the default payload or choose the required payload. I am using the below payload. After setting payload, type command “run” to run the exploit. The exploit works as shown below.

That was about authorization bypass in Polycom. Want to learn about sql injection. Want to learn Ethical Hacking in Real World Scenarios. Subscribe to our Digital Magazine.

Want to learn Real World Hacking?

Sign up now and get 8 FREE RESOURCES on Real World Hacking.