Polycom Admin Panel - Detect

What is the "Polycom Admin Panel - Detect?"

The "Polycom Admin Panel - Detect" module is designed to detect the presence of the Polycom admin panel. Polycom admin panel is a software used for managing Polycom devices. This module focuses on detecting the admin panel and does not perform any actions beyond that. The severity of this module is classified as informative, meaning it provides information about the presence of the admin panel but does not indicate any specific vulnerabilities or misconfigurations. The original author of this module is e_schultze_.

Impact

This module does not have any direct impact as it only detects the presence of the Polycom admin panel. However, the presence of the admin panel may have security implications depending on the configuration and vulnerabilities associated with it.

How does the module work?

The "Polycom Admin Panel - Detect" module works by sending an HTTP GET request to the "/systemstatus.xml" path of the target. It then applies a set of matching conditions to determine if the response indicates the presence of the admin panel. The matching conditions include:

- Status code 200: The response should have a status code of 200, indicating a successful request. - Body contains "SYSTEMSTATUS": The response body should contain the word "SYSTEMSTATUS", indicating the presence of the admin panel. - Header contains "Server: lighttpd": The response header should contain the phrase "Server: lighttpd", indicating the server software used by the admin panel.

If all the matching conditions are met, the module reports the detection of the Polycom admin panel. The module allows a maximum of 1 request to be sent.