VulnerAlert



SYSTEMS
15-07-2025 21:30

CVE-2025-34093 Documented vulnerability

7.5 HIGH
Description
An authenticated command injection vulnerability exists in the Polycom HDX Series shell interface accessible over Telnet. The lan traceroute command in the devcmds console accepts unsanitized input, allowing attackers to execute arbitrary system commands. By injecting metacharacters through this interface, an attacker can achieve remote code execution in the context of the root user. This flaw affects systems where Telnet access is enabled and either unauthenticated access is allowed or credentials are known.
References
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/misc/polycom_hdx_traceroute_exec.rb
https://staaldraad.github.io/2017/11/12/polycom-hdx-rce/
https://vulncheck.com/advisories/polycom-hdx-series-telnet-rce
https://web.archive.org/web/20200312205144/http://support.polycom.com/content/dam/polycom-support/global/documentation/securityadvisory-remotecodeexecutionon-hdx-v0.3-hotfix-release.pdf
https://www.exploit-db.com/exploits/24494

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-34093