CVE-2019-15742
published 2020-01-17CVE-2019-15742: A local privilege-escalation vulnerability exists in the Poly Plantronics Hub before 3.14 for Windows client application. A local attacker can exploit this…
PriorityP349high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
EXPLOIT
EPSS
4.98%
91.1th percentile
A local privilege-escalation vulnerability exists in the Poly Plantronics Hub before 3.14 for Windows client application. A local attacker can exploit this issue to gain elevated privileges.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| plantronics | plantronics_hub | < 3.14 | 3.14 |
CVSS provenance
nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.2HIGHAV:L/AC:L/Au:N/C:C/I:C/A:C
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Plantronics Hub 3.13.2 - SpokesUpdateService Privilege Escalation (Metasploit)
exploitdb·2020-01-17
CVE-2019-15742 Plantronics Hub 3.13.2 - SpokesUpdateService Privilege Escalation (Metasploit)
Plantronics Hub 3.13.2 - SpokesUpdateService Privilege Escalation (Metasploit)
---
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
class MetasploitModule 'Plantronics Hub SpokesUpdateService Privilege Escalation',
'Description' => %q{
The Plantronics Hub client application for Windows makes use of an
automatic update service `SpokesUpdateService.exe` which automatically
executes a file specified in the `MajorUpgrade.config` configuration
file as SYSTEM. The configuration file is writable by all users by default.
This module has been tested successfully on Plantronics Hub version 3.13.2
on Windows 7 SP1 (x64).
},
'License' => MSF_LICENSE,
'Author' =>
[
'Markus Krell', # Discovery and PoC
'bcoles' #
Metasploit
Plantronics Hub SpokesUpdateService Privilege Escalation
metasploit
Plantronics Hub SpokesUpdateService Privilege Escalation
Plantronics Hub SpokesUpdateService Privilege Escalation
The Plantronics Hub client application for Windows makes use of an automatic update service `SpokesUpdateService.exe` which automatically executes a file specified in the `MajorUpgrade.config` configuration file as SYSTEM. The configuration file is writable by all users by default. This module has been tested successfully on Plantronics Hub version 3.13.2 on Windows 7 SP1 (x64).
No writeups or analysis indexed.
2020-01-17
Published