CVE-2015-8300
Description
Polycom BToE Connector before 3.0.0 sets weak permissions on its service executable, allowing local unprivileged users to replace it and gain SYSTEM privileges.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Polycom BToE Connector before 3.0.0 sets weak permissions on its service executable, allowing local unprivileged users to replace it and gain SYSTEM privileges.
Vulnerability
Polycom BToE Connector versions up to and including 2.3.0 installs the service executable plcmbtoesrv.exe in the default path C:\Program Files (x86)\polycom\polycom btoe connector\ with weak permissions granting Everyone: Full Control [1][2]. This allows any local user to modify or replace the file. The service runs with SYSTEM privileges. The fixed version is 3.0.0, released in March 2015 [1][2].
Exploitation
An attacker must have local access to the Windows system as an unprivileged user. No authentication beyond local logon is required. The attacker simply replaces the legitimate plcmbtoesrv.exe with a malicious executable of their choice. The next time the service starts (e.g., at system boot or by manually restarting the service), the malicious code executes in the context of the SYSTEM account [1][2].
Impact
Successful exploitation grants the attacker arbitrary code execution with SYSTEM privileges, the highest level of access on a Windows host. This results in complete compromise of the local system's confidentiality, integrity, and availability [1][2].
Mitigation
Users should upgrade to Polycom BToE Connector version 3.0.0, which was released in March 2015 and addresses the weak permissions [1][2]. No workaround is described in the available references; the service executable's permissions should be reviewed to restrict modification to trusted administrators only. The vulnerability is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog.
AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2cpe:2.3:a:polycom:btoe_connector:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:polycom:btoe_connector:*:*:*:*:*:*:*:*range: <=2.3.0
- (no CPE)range: <3.0.0
Patches
0No patches discovered yet.
Vulnerability mechanics
Root cause
"Weak default file permissions (Everyone: Full Control) on the service binary allow any local user to replace it."
Attack vector
An unprivileged local user replaces the legitimate `plcmbtoesrv.exe` with a malicious executable, because the default installation grants Everyone: Full Control over the file [ref_id=1][ref_id=2]. When the Polycom BToE Connector service starts (or is restarted), Windows runs the replaced binary with SYSTEM privileges [ref_id=1][ref_id=2]. This gives the attacker arbitrary code execution at the highest Windows privilege level [ref_id=1][ref_id=2]. No authentication beyond local access is required, and no user interaction is needed beyond the service starting [ref_id=1][ref_id=2].
Affected code
The vulnerable binary is `plcmbtoesrv.exe`, located at `C:\program files (x86)\polycom\polycom btoe connector\plcmbtoesrv.exe` (standard installation path) [ref_id=1][ref_id=2]. This file is the executable for a Windows service that runs with SYSTEM privileges [ref_id=1][ref_id=2]. The default installation grants the "Everyone" group Full Control permissions on this file [ref_id=1][ref_id=2].
What the fix does
Polycom released version 3.0.0 in March 2015 to address this vulnerability [ref_id=1][ref_id=2]. The advisory does not include a patch diff, but the fix presumably tightens the ACL on `plcmbtoesrv.exe` so that unprivileged users can no longer modify it [ref_id=1][ref_id=2]. Users are directed to download the fixed version from Polycom's support site [ref_id=1][ref_id=2]. No further technical details about the remediation are provided in the advisory.
Preconditions
- authAttacker must have local access to the Windows host as an unprivileged user
- configThe Polycom BToE Connector service must be installed with default permissions
- inputThe service must be started or restarted after the file replacement
Generated on May 25, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
3- packetstormsecurity.com/files/134523/Polycom-BTOE-Connector-2.3.0-Local-Privilege-Escalation.htmlnvdThird Party AdvisoryVDB Entry
- seclists.org/fulldisclosure/2015/Nov/88nvdMailing ListThird Party Advisory
- github.com/sbaresearch/advisories/tree/public/2015/Polycom_20150513nvd
News mentions
0No linked articles in our index yet.