CVE-2012-6609
Description
Directory traversal in a_getlog.cgi of Polycom HDX Video End Points before 3.0.4 allows remote attackers to read arbitrary files via a dot-dot in the name parameter.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
A directory traversal vulnerability exists in a_getlog.cgi of Polycom HDX Video End Points before version 3.0.4 and UC APL before version 2.7.1.J. The bug is triggered by a .. (dot-dot) sequence in the name parameter, which allows attackers to read arbitrary files on the device. The vulnerable code path is reachable without authentication, and the web management interface does not properly sanitize user input.
Exploitation
An attacker can exploit this vulnerability by sending a crafted HTTP request to the affected device's web management interface. The attacker only needs network access to the Polycom device; no authentication is required. The request targets a_getlog.cgi with a name parameter containing directory traversal sequences, such as ../../../etc/passwd. The device then returns the contents of the specified file.
Impact
Successful exploitation allows an unauthenticated remote attacker to read arbitrary files on the Polycom device's filesystem. This can lead to disclosure of sensitive information, including configuration files, credentials, or other data that may aid in further attacks. The vulnerability does not allow writing or executing files, but information disclosure can compromise the security of the device and network.
Mitigation
Polycom released fixes in versions 3.0.4 for HDX Video End Points and 2.7.1.J for UC APL. Users should upgrade to these versions or later. If upgrading is not possible, restricting network access to the web management interface and monitoring for suspicious requests can reduce risk. The vulnerability is not listed on CISA's Known Exploited Vulnerabilities (KEV) catalog as of the publication date [1].
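One way to implement the monitoring suggested above, as an added example that is not Polycom's code or part of the original advisory: it scans access-log lines for a_getlog.cgi requests whose name parameter contains a dot-dot path segment after percent-decoding. The Common Log Format input (for instance from a reverse proxy in front of the device), the function names and the sample lines are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Assumption: Common Log Format lines from a proxy or gateway in front of the
# device; source address is the first field, the request line is quoted.
REQUEST_RE = re.compile(r'^(?P<src>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
TARGET_SCRIPT = "a_getlog.cgi"  # endpoint named in the CVE description


def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so nested encoding cannot hide a dot-dot."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def has_dotdot_segment(value):
    """True if any path segment (split on / or backslash) is exactly '..'."""
    return ".." in re.split(r"[\\/]+", fully_decode(value))


def suspicious_requests(log_lines):
    """Return (source, decoded name) for a_getlog.cgi requests with a dot-dot name."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parseable request line
        url = urlsplit(m.group("target"))
        if url.path.rsplit("/", 1)[-1].lower() != TARGET_SCRIPT:
            continue  # some other endpoint
        for key, val in parse_qsl(url.query, keep_blank_values=True):
            if key == "name" and has_dotdot_segment(val):
                hits.append((m.group("src"), fully_decode(val)))
    return hits


# Constructed sample lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2013:10:00:00 +0000] "GET /a_getlog.cgi?name=messages HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2013:10:00:05 +0000] "GET /a_getlog.cgi?name=../../../etc/passwd HTTP/1.1" 200 812',
    '198.51.100.7 - - [01/Jan/2013:10:00:09 +0000] "GET /a_getlog.cgi?name=%252e%252e%252fetc%252fpasswd HTTP/1.1" 200 812',
    '192.0.2.10 - - [01/Jan/2013:10:01:00 +0000] "GET /index.htm?name=../x HTTP/1.1" 404 0',
    '192.0.2.10 - - [01/Jan/2013:10:02:00 +0000] "GET /a_getlog.cgi?name=system..log HTTP/1.1" 200 900',
]
```

Matching on whole path segments rather than the substring ".." keeps a value such as system..log from raising an alert, and requests to other endpoints are ignored.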
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Polycom/HDX Video End Points
- Range: <3.0.4
Patches
No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
News mentions
No linked articles in our index yet.