An attacker can simply create a new account and set-up a backdoor with the file mentioned above.
The file can be created via the copy-paste method. There is no need to manually edit the file.
The file must be created on the server’s root directory.
To fix this issue, you should update to the latest version.
If you have not updated, then we strongly recommend that you do it as soon as possible.
Affected versions:
Poly EagleEye Director II before 2.2.2.1
Eliminate the issue immediately.
Update to latest version
The latest version of the Poly EagleEye Director II is 2.2.2.1, which fixed the issue with CVE-2022-26479.
To update to the latest version of the product, follow these steps:
Protect your network with a firewall
An attacker can simply create a new account and set-up a backdoor with the file mentioned above.
The file can be created via the copy-paste method. There is no need to manually edit the file.
The file must be created on the server’s root directory.
To fix this issue, you should update to the latest version.
Timeline
Published on: 07/17/2022 23:15:00 UTC
Last modified on: 07/22/2022 13:25:00 UTC
References
- https://www.poly.com/us/en/support/security-center
- https://sec-consult.com/de/vulnerability-lab/advisory/poly-eagleeye-director-ii-kritische-schwachstellen/
- https://sec-consult.com/vulnerability-lab/advisory/critical-vulnerabilities-poly-eagleeye-director-ii/
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-26479