Search criteria
10 vulnerabilities found for hdx by polycom
VAR-201905-0784
Vulnerability from variot - Updated: 2023-12-18 12:28An issue was discovered in Polycom Group Series 6.1.6.1 and earlier, HDX 3.1.12 and earlier, and Pano 1.1.1 and earlier. A remote code execution vulnerability exists in the content sharing functionality because of a Buffer Overflow via crafted packets. plural Polycom The product contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. An attacker can exploit this issue to execute arbitrary code within the context of the application. Failed exploit attempts will likely cause a denial-of-service condition
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201905-0784",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "group series",
"scope": "lte",
"trust": 1.8,
"vendor": "polycom",
"version": "6.1.6.1"
},
{
"model": "pano",
"scope": "lte",
"trust": 1.8,
"vendor": "polycom",
"version": "1.1.1"
},
{
"model": "hdx",
"scope": "lte",
"trust": 1.0,
"vendor": "polycom",
"version": "3.1.12"
},
{
"model": "hdx system software",
"scope": "lte",
"trust": 0.8,
"vendor": "polycom",
"version": "3.1.12"
},
{
"model": "pano",
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "1.1.1"
},
{
"model": "hdx",
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "3.1.12"
},
{
"model": "group series",
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "6.1.6"
},
{
"model": "group series",
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "6.1.5"
},
{
"model": "group series",
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "6.1.4"
},
{
"model": "group series",
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "6.1.3"
},
{
"model": "group series",
"scope": "ne",
"trust": 0.3,
"vendor": "polycom",
"version": "6.1.7"
}
],
"sources": [
{
"db": "BID",
"id": "108430"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015419"
},
{
"db": "NVD",
"id": "CVE-2018-15128"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:polycom:group_series:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.1.6.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:polycom:pano:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.1.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:polycom:hdx:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.1.12",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-15128"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Frank Cozijnsen from KPN",
"sources": [
{
"db": "BID",
"id": "108430"
}
],
"trust": 0.3
},
"cve": "CVE-2018-15128",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2018-15128",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-15128",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-15128",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-201905-301",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2018-15128",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-15128"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015419"
},
{
"db": "NVD",
"id": "CVE-2018-15128"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-301"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in Polycom Group Series 6.1.6.1 and earlier, HDX 3.1.12 and earlier, and Pano 1.1.1 and earlier. A remote code execution vulnerability exists in the content sharing functionality because of a Buffer Overflow via crafted packets. plural Polycom The product contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. \nAn attacker can exploit this issue to execute arbitrary code within the context of the application. Failed exploit attempts will likely cause a denial-of-service condition",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-15128"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015419"
},
{
"db": "BID",
"id": "108430"
},
{
"db": "VULMON",
"id": "CVE-2018-15128"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-15128",
"trust": 2.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015419",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201905-301",
"trust": 0.6
},
{
"db": "BID",
"id": "108430",
"trust": 0.3
},
{
"db": "VULMON",
"id": "CVE-2018-15128",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-15128"
},
{
"db": "BID",
"id": "108430"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015419"
},
{
"db": "NVD",
"id": "CVE-2018-15128"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-301"
}
]
},
"id": "VAR-201905-0784",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.31323528
},
"last_update_date": "2023-12-18T12:28:16.643000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SECURITY BULLETIN - Remote Code Execution Vulnerability Found in Group Series - Bulletin Version 1.0",
"trust": 0.8,
"url": "https://support.polycom.com/content/dam/polycom-support/global/documentation/remote-code-exectuion-vulnerability-group-series.pdf"
},
{
"title": "Polycom Group Series Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=92478"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015419"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-301"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015419"
},
{
"db": "NVD",
"id": "CVE-2018-15128"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://support.polycom.com/content/dam/polycom-support/global/documentation/remote-code-exectuion-vulnerability-group-series.pdf"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-15128"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-15128"
},
{
"trust": 0.3,
"url": "http://www.polycom.com/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-15128"
},
{
"db": "BID",
"id": "108430"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015419"
},
{
"db": "NVD",
"id": "CVE-2018-15128"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-301"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2018-15128"
},
{
"db": "BID",
"id": "108430"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015419"
},
{
"db": "NVD",
"id": "CVE-2018-15128"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-301"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-13T00:00:00",
"db": "VULMON",
"id": "CVE-2018-15128"
},
{
"date": "2018-11-01T00:00:00",
"db": "BID",
"id": "108430"
},
{
"date": "2019-06-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015419"
},
{
"date": "2019-05-13T14:29:00.440000",
"db": "NVD",
"id": "CVE-2018-15128"
},
{
"date": "2019-05-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-301"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-14T00:00:00",
"db": "VULMON",
"id": "CVE-2018-15128"
},
{
"date": "2018-11-01T00:00:00",
"db": "BID",
"id": "108430"
},
{
"date": "2019-06-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015419"
},
{
"date": "2019-05-14T16:54:49.163000",
"db": "NVD",
"id": "CVE-2018-15128"
},
{
"date": "2019-05-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-301"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-301"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Polycom Product buffer error vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015419"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-301"
}
],
"trust": 0.6
}
}
VAR-201303-0507
Vulnerability from variot - Updated: 2022-05-17 02:07Polycom HDX Series are prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and gain unauthorized root access to the affected device; this may aid in launching further attacks.
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201303-0507",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "hdx",
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "90000"
},
{
"model": "hdx",
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "80000"
},
{
"model": "hdx",
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "70000"
},
{
"model": "hdx",
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "60000"
},
{
"model": "hdx",
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "40000"
},
{
"model": "hdx",
"scope": "ne",
"trust": 0.3,
"vendor": "polycom",
"version": "90003.1.12"
},
{
"model": "hdx",
"scope": "ne",
"trust": 0.3,
"vendor": "polycom",
"version": "80003.1.12"
},
{
"model": "hdx",
"scope": "ne",
"trust": 0.3,
"vendor": "polycom",
"version": "70003.1.12"
},
{
"model": "hdx",
"scope": "ne",
"trust": 0.3,
"vendor": "polycom",
"version": "60003.1.12"
},
{
"model": "hdx",
"scope": "ne",
"trust": 0.3,
"vendor": "polycom",
"version": "40003.1.12"
}
],
"sources": [
{
"db": "BID",
"id": "58523"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "n.runs AG",
"sources": [
{
"db": "BID",
"id": "58523"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-342"
}
],
"trust": 0.9
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Polycom HDX Series are prone to a security-bypass vulnerability.\nAn attacker can exploit this issue to bypass certain security restrictions and gain unauthorized root access to the affected device; this may aid in launching further attacks.",
"sources": [
{
"db": "BID",
"id": "58523"
}
],
"trust": 0.3
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "58523",
"trust": 0.9
},
{
"db": "CNNVD",
"id": "CNNVD-201303-342",
"trust": 0.6
}
],
"sources": [
{
"db": "BID",
"id": "58523"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-342"
}
]
},
"id": "VAR-201303-0507",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.2159091
},
"last_update_date": "2022-05-17T02:07:15.395000Z",
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/58523"
},
{
"trust": 0.3,
"url": "http://www.polycom.com/"
}
],
"sources": [
{
"db": "BID",
"id": "58523"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-342"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "58523"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-342"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-03-15T00:00:00",
"db": "BID",
"id": "58523"
},
{
"date": "2013-03-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201303-342"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-03-15T00:00:00",
"db": "BID",
"id": "58523"
},
{
"date": "2013-03-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201303-342"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201303-342"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Polycom HDX Series Security bypass vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201303-342"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "58523"
}
],
"trust": 0.3
}
}
VAR-201303-0456
Vulnerability from variot - Updated: 2022-05-17 02:02Polycom HDX Series devices are prone to a format-string vulnerability because it fails to properly sanitize user-supplied input before passing it as the format specifier to a formatted-printing function. An attacker may exploit this issue to execute arbitrary code with root access in the context of the vulnerable device. Failed exploit attempts will likely result in a denial-of-service condition.
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201303-0456",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "hdx",
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "90000"
},
{
"model": "hdx",
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "80000"
},
{
"model": "hdx",
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "70000"
},
{
"model": "hdx",
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "60000"
},
{
"model": "hdx",
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "40000"
},
{
"model": "hdx",
"scope": "ne",
"trust": 0.3,
"vendor": "polycom",
"version": "90003.1.12"
},
{
"model": "hdx",
"scope": "ne",
"trust": 0.3,
"vendor": "polycom",
"version": "80003.1.12"
},
{
"model": "hdx",
"scope": "ne",
"trust": 0.3,
"vendor": "polycom",
"version": "70003.1.12"
},
{
"model": "hdx",
"scope": "ne",
"trust": 0.3,
"vendor": "polycom",
"version": "60003.1.12"
},
{
"model": "hdx",
"scope": "ne",
"trust": 0.3,
"vendor": "polycom",
"version": "40003.1.12"
}
],
"sources": [
{
"db": "BID",
"id": "58525"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Moritz Jodeit of n.runs AG",
"sources": [
{
"db": "BID",
"id": "58525"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-340"
}
],
"trust": 0.9
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Polycom HDX Series devices are prone to a format-string vulnerability because it fails to properly sanitize user-supplied input before passing it as the format specifier to a formatted-printing function.\nAn attacker may exploit this issue to execute arbitrary code with root access in the context of the vulnerable device. Failed exploit attempts will likely result in a denial-of-service condition.",
"sources": [
{
"db": "BID",
"id": "58525"
}
],
"trust": 0.3
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "58525",
"trust": 0.9
},
{
"db": "CNNVD",
"id": "CNNVD-201303-340",
"trust": 0.6
}
],
"sources": [
{
"db": "BID",
"id": "58525"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-340"
}
]
},
"id": "VAR-201303-0456",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.2159091
},
"last_update_date": "2022-05-17T02:02:35.342000Z",
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/58525"
},
{
"trust": 0.3,
"url": "http://www.polycom.com/"
}
],
"sources": [
{
"db": "BID",
"id": "58525"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-340"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "58525"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-340"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-03-15T00:00:00",
"db": "BID",
"id": "58525"
},
{
"date": "2013-03-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201303-340"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-03-15T00:00:00",
"db": "BID",
"id": "58525"
},
{
"date": "2013-03-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201303-340"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201303-340"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Polycom HDX Series \u2018 H.323 \u003c/ formatting string vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201303-340"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input Validation Error",
"sources": [
{
"db": "BID",
"id": "58525"
}
],
"trust": 0.3
}
}
VAR-201801-1848
Vulnerability from variot - Updated: 2022-05-17 01:52PolycomHDX is a high-definition series of network cameras. A remote code execution vulnerability exists in PolycomHDX endpoints. An attacker can exploit a vulnerability to execute arbitrary code in the context of an application. A failed exploit can result in a denial of service condition. HDX 3.1.11 hotfix 1 and prior versions are affected
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201801-1848",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "hdx hotfix",
"scope": "eq",
"trust": 0.9,
"vendor": "polycom",
"version": "3.1.111"
},
{
"model": "hdx",
"scope": "eq",
"trust": 0.9,
"vendor": "polycom",
"version": "3.1.11"
},
{
"model": "hdx hotfix",
"scope": "ne",
"trust": 0.3,
"vendor": "polycom",
"version": "3.1.112"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-01931"
},
{
"db": "BID",
"id": "101973"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SensePost.",
"sources": [
{
"db": "BID",
"id": "101973"
}
],
"trust": 0.3
},
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-01931",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "CNVD",
"id": "CNVD-2018-01931",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-01931"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "PolycomHDX is a high-definition series of network cameras. A remote code execution vulnerability exists in PolycomHDX endpoints. An attacker can exploit a vulnerability to execute arbitrary code in the context of an application. A failed exploit can result in a denial of service condition. \nHDX 3.1.11 hotfix 1 and prior versions are affected",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-01931"
},
{
"db": "BID",
"id": "101973"
}
],
"trust": 0.81
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "101973",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2018-01931",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-01931"
},
{
"db": "BID",
"id": "101973"
}
]
},
"id": "VAR-201801-1848",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-01931"
}
],
"trust": 1.08295455
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-01931"
}
]
},
"last_update_date": "2022-05-17T01:52:35.878000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for PolycomHDX Endpoint Remote Code Execution Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/114453"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-01931"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/101973/"
},
{
"trust": 0.3,
"url": "http://www.polycom.com/"
},
{
"trust": 0.3,
"url": "http://support.polycom.com/content/dam/polycom-support/global/documentation/secruity-advisory-hdx.pdf"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-01931"
},
{
"db": "BID",
"id": "101973"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-01931"
},
{
"db": "BID",
"id": "101973"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-01-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-01931"
},
{
"date": "2017-11-24T00:00:00",
"db": "BID",
"id": "101973"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-01-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-01931"
},
{
"date": "2017-12-19T22:37:00",
"db": "BID",
"id": "101973"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "101973"
}
],
"trust": 0.3
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Polycom HDX Endpoint Remote Code Execution Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-01931"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input Validation Error",
"sources": [
{
"db": "BID",
"id": "101973"
}
],
"trust": 0.3
}
}
VAR-201203-0516
Vulnerability from variot - Updated: 2022-05-17 01:45Multiple Polycom products are prone to a directory-traversal vulnerability and a command-injection vulnerability because it fails to sufficiently sanitize user-supplied input. Remote attackers can use a specially crafted request with directory-traversal sequences ('../') to retrieve arbitrary files in the context of the application. Also, attackers can execute arbitrary commands with the privileges of the user running the application.
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201203-0516",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "web management interface g3/hdx hd",
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "8000"
},
{
"model": "linux development platform 2.14.g3",
"scope": null,
"trust": 0.3,
"vendor": "polycom",
"version": null
},
{
"model": "hdx video end points",
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "2.6"
},
{
"model": "hdx",
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "80000"
},
{
"model": "durango build",
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "2.64740"
},
{
"model": "durango",
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "2.6"
},
{
"model": "uc apl 2.7.1.j",
"scope": "ne",
"trust": 0.3,
"vendor": "polycom",
"version": null
},
{
"model": "hdx video end points",
"scope": "ne",
"trust": 0.3,
"vendor": "polycom",
"version": "3.0.4"
},
{
"model": "hdx video end points",
"scope": "ne",
"trust": 0.3,
"vendor": "polycom",
"version": "3.0"
}
],
"sources": [
{
"db": "BID",
"id": "52301"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Jo??o Paulo Caldas Campello",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201203-053"
}
],
"trust": 0.6
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple Polycom products are prone to a directory-traversal vulnerability and a command-injection vulnerability because it fails to sufficiently sanitize user-supplied input.\nRemote attackers can use a specially crafted request with directory-traversal sequences (\u0027../\u0027) to retrieve arbitrary files in the context of the application. Also, attackers can execute arbitrary commands with the privileges of the user running the application.",
"sources": [
{
"db": "BID",
"id": "52301"
}
],
"trust": 0.3
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "52301",
"trust": 0.9
},
{
"db": "CNNVD",
"id": "CNNVD-201203-053",
"trust": 0.6
}
],
"sources": [
{
"db": "BID",
"id": "52301"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-053"
}
]
},
"id": "VAR-201203-0516",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.2159091
},
"last_update_date": "2022-05-17T01:45:31.714000Z",
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/52301"
},
{
"trust": 0.3,
"url": "http://seclists.org/fulldisclosure/2012/mar/18?utm_source=twitterfeed\u0026utm_medium=twitter"
},
{
"trust": 0.3,
"url": "http://blog.tempest.com.br/joao-paulo-campello/path-traversal-on-polycom-web-management-interface.html"
},
{
"trust": 0.3,
"url": "http://www.polycom.com/"
},
{
"trust": 0.3,
"url": "http://blog.tempest.com.br/joao-paulo-campello/polycom-web-management-interface-os-command-injection.html"
}
],
"sources": [
{
"db": "BID",
"id": "52301"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-053"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "52301"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-053"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-03-05T00:00:00",
"db": "BID",
"id": "52301"
},
{
"date": "2012-03-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201203-053"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-02-13T09:01:00",
"db": "BID",
"id": "52301"
},
{
"date": "2012-03-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201203-053"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201203-053"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Polycom Directory Traversal Vulnerabilities and Command Injection Vulnerabilities",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201203-053"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input Validation Error",
"sources": [
{
"db": "BID",
"id": "52301"
}
],
"trust": 0.3
}
}
VAR-201303-0508
Vulnerability from variot - Updated: 2022-05-17 01:45Polycom HDX is a high-definition series of network cameras. The Polycom HDX series uses user input that is not properly filtered for use in SQL queries. There is a SQL injection vulnerability in the implementation that an attacker can use to perform unauthorized database operations. Polycom HDX Series devices are prone to a remote command-injection vulnerability. Attackers can exploit this issue to inject and execute arbitrary commands within the context of the affected device
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201303-0508",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "hdx",
"scope": "eq",
"trust": 0.6,
"vendor": "polycom",
"version": "6000"
},
{
"model": "hdx",
"scope": "eq",
"trust": 0.6,
"vendor": "polycom",
"version": "7000"
},
{
"model": "hdx",
"scope": "eq",
"trust": 0.6,
"vendor": "polycom",
"version": "8000"
},
{
"model": "hdx",
"scope": "eq",
"trust": 0.6,
"vendor": "polycom",
"version": "9000"
},
{
"model": "hdx",
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "90000"
},
{
"model": "hdx",
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "80000"
},
{
"model": "hdx",
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "70000"
},
{
"model": "hdx",
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "60000"
},
{
"model": "hdx",
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "40000"
},
{
"model": "hdx",
"scope": "ne",
"trust": 0.3,
"vendor": "polycom",
"version": "90003.1.12"
},
{
"model": "hdx",
"scope": "ne",
"trust": 0.3,
"vendor": "polycom",
"version": "80003.1.12"
},
{
"model": "hdx",
"scope": "ne",
"trust": 0.3,
"vendor": "polycom",
"version": "70003.1.12"
},
{
"model": "hdx",
"scope": "ne",
"trust": 0.3,
"vendor": "polycom",
"version": "60003.1.12"
},
{
"model": "hdx",
"scope": "ne",
"trust": 0.3,
"vendor": "polycom",
"version": "40003.1.12"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-02164"
},
{
"db": "BID",
"id": "58524"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Moritz Jodeit of n.runs AG",
"sources": [
{
"db": "BID",
"id": "58524"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-341"
}
],
"trust": 0.9
},
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2013-02164",
"impactScore": 8.5,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "CNVD",
"id": "CNVD-2013-02164",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-02164"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Polycom HDX is a high-definition series of network cameras. The Polycom HDX series uses user input that is not properly filtered for use in SQL queries. There is a SQL injection vulnerability in the implementation that an attacker can use to perform unauthorized database operations. Polycom HDX Series devices are prone to a remote command-injection vulnerability. \nAttackers can exploit this issue to inject and execute arbitrary commands within the context of the affected device",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-02164"
},
{
"db": "BID",
"id": "58524"
}
],
"trust": 0.81
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "58524",
"trust": 1.5
},
{
"db": "CNVD",
"id": "CNVD-2013-02164",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201303-341",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-02164"
},
{
"db": "BID",
"id": "58524"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-341"
}
]
},
"id": "VAR-201303-0508",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-02164"
}
],
"trust": 0.8159090999999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-02164"
}
]
},
"last_update_date": "2022-05-17T01:45:25.568000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Polycom HDX Series SQL Injection Vulnerability (CNVD-2013-02164)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/32994"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-02164"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/58524"
},
{
"trust": 0.3,
"url": "http://seclists.org/bugtraq/2013/mar/97"
},
{
"trust": 0.3,
"url": "http://www.polycom.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-02164"
},
{
"db": "BID",
"id": "58524"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-341"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2013-02164"
},
{
"db": "BID",
"id": "58524"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-341"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-03-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-02164"
},
{
"date": "2013-03-15T00:00:00",
"db": "BID",
"id": "58524"
},
{
"date": "2013-03-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201303-341"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-04-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-02164"
},
{
"date": "2013-03-15T00:00:00",
"db": "BID",
"id": "58524"
},
{
"date": "2013-03-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201303-341"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201303-341"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Polycom HDX Series Remote Command Injection Vulnerability",
"sources": [
{
"db": "BID",
"id": "58524"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-341"
}
],
"trust": 0.9
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input Validation Error",
"sources": [
{
"db": "BID",
"id": "58524"
}
],
"trust": 0.3
}
}
VAR-201303-0457
Vulnerability from variot - Updated: 2022-05-17 01:43Polycom HDX Series devices are prone to an SQL-injection vulnerability because they fail to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an authenticated attacker to compromise the affected device, access or modify data, or exploit latent vulnerabilities in the underlying database.
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201303-0457",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "hdx",
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "90000"
},
{
"model": "hdx",
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "80000"
},
{
"model": "hdx",
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "70000"
},
{
"model": "hdx",
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "60000"
},
{
"model": "hdx",
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "40000"
},
{
"model": "hdx",
"scope": "ne",
"trust": 0.3,
"vendor": "polycom",
"version": "90003.1.12"
},
{
"model": "hdx",
"scope": "ne",
"trust": 0.3,
"vendor": "polycom",
"version": "80003.1.12"
},
{
"model": "hdx",
"scope": "ne",
"trust": 0.3,
"vendor": "polycom",
"version": "70003.1.12"
},
{
"model": "hdx",
"scope": "ne",
"trust": 0.3,
"vendor": "polycom",
"version": "60003.1.12"
},
{
"model": "hdx",
"scope": "ne",
"trust": 0.3,
"vendor": "polycom",
"version": "40003.1.12"
}
],
"sources": [
{
"db": "BID",
"id": "58526"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Moritz Jodeit of n.runs AG",
"sources": [
{
"db": "BID",
"id": "58526"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-339"
}
],
"trust": 0.9
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Polycom HDX Series devices are prone to an SQL-injection vulnerability because they fail to sufficiently sanitize user-supplied data before using it in an SQL query.\nExploiting this issue could allow an authenticated attacker to compromise the affected device, access or modify data, or exploit latent vulnerabilities in the underlying database.",
"sources": [
{
"db": "BID",
"id": "58526"
}
],
"trust": 0.3
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "58526",
"trust": 0.9
},
{
"db": "CNNVD",
"id": "CNNVD-201303-339",
"trust": 0.6
}
],
"sources": [
{
"db": "BID",
"id": "58526"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-339"
}
]
},
"id": "VAR-201303-0457",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.2159091
},
"last_update_date": "2022-05-17T01:43:25.548000Z",
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/58526"
},
{
"trust": 0.3,
"url": "http://seclists.org/bugtraq/2013/mar/98"
},
{
"trust": 0.3,
"url": "http://www.polycom.com/"
}
],
"sources": [
{
"db": "BID",
"id": "58526"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-339"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "58526"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-339"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-03-15T00:00:00",
"db": "BID",
"id": "58526"
},
{
"date": "2013-03-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201303-339"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-03-15T00:00:00",
"db": "BID",
"id": "58526"
},
{
"date": "2013-03-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201303-339"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201303-339"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Polycom HDX Series SQL Injection Vulnerability",
"sources": [
{
"db": "BID",
"id": "58526"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-339"
}
],
"trust": 0.9
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201303-339"
}
],
"trust": 0.6
}
}
FKIE_CVE-2018-15128
Vulnerability from fkie_nvd - Published: 2019-05-13 14:29 - Updated: 2024-11-21 03:50
Severity ?
Summary
An issue was discovered in Polycom Group Series 6.1.6.1 and earlier, HDX 3.1.12 and earlier, and Pano 1.1.1 and earlier. A remote code execution vulnerability exists in the content sharing functionality because of a Buffer Overflow via crafted packets.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:polycom:group_series:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EA4035AB-7654-41E5-9B78-2B350E6DE0D6",
"versionEndIncluding": "6.1.6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:polycom:hdx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DFFD1825-AAFF-45E2-8C31-E2A4FEF5C30E",
"versionEndIncluding": "3.1.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:polycom:pano:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0B4921E9-4A35-43B8-ABA3-46682ADCA172",
"versionEndIncluding": "1.1.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Polycom Group Series 6.1.6.1 and earlier, HDX 3.1.12 and earlier, and Pano 1.1.1 and earlier. A remote code execution vulnerability exists in the content sharing functionality because of a Buffer Overflow via crafted packets."
},
{
"lang": "es",
"value": "Fue encontrado un problema en Polycom Group Series versi\u00f3n 6.1.6.1 y anteriores, versi\u00f3n HDX 3.1.12 y anteriores, y versi\u00f3n Pano 1.1.1 y anteriores. Existe una vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remota en la funcionalidad Content Sharing debido a un Desbordamiento de B\u00fafer por medio de paquetes creados."
}
],
"id": "CVE-2018-15128",
"lastModified": "2024-11-21T03:50:21.940",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-05-13T14:29:00.440",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://support.polycom.com/content/dam/polycom-support/global/documentation/remote-code-exectuion-vulnerability-group-series.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.polycom.com/content/dam/polycom-support/global/documentation/remote-code-exectuion-vulnerability-group-series.pdf"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2018-15128 (GCVE-0-2018-15128)
Vulnerability from cvelistv5 – Published: 2019-05-13 13:18 – Updated: 2024-08-05 09:46
VLAI?
Summary
An issue was discovered in Polycom Group Series 6.1.6.1 and earlier, HDX 3.1.12 and earlier, and Pano 1.1.1 and earlier. A remote code execution vulnerability exists in the content sharing functionality because of a Buffer Overflow via crafted packets.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:46:25.467Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.polycom.com/content/dam/polycom-support/global/documentation/remote-code-exectuion-vulnerability-group-series.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Polycom Group Series 6.1.6.1 and earlier, HDX 3.1.12 and earlier, and Pano 1.1.1 and earlier. A remote code execution vulnerability exists in the content sharing functionality because of a Buffer Overflow via crafted packets."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-13T13:18:22",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.polycom.com/content/dam/polycom-support/global/documentation/remote-code-exectuion-vulnerability-group-series.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15128",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Polycom Group Series 6.1.6.1 and earlier, HDX 3.1.12 and earlier, and Pano 1.1.1 and earlier. A remote code execution vulnerability exists in the content sharing functionality because of a Buffer Overflow via crafted packets."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.polycom.com/content/dam/polycom-support/global/documentation/remote-code-exectuion-vulnerability-group-series.pdf",
"refsource": "MISC",
"url": "https://support.polycom.com/content/dam/polycom-support/global/documentation/remote-code-exectuion-vulnerability-group-series.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-15128",
"datePublished": "2019-05-13T13:18:22",
"dateReserved": "2018-08-07T00:00:00",
"dateUpdated": "2024-08-05T09:46:25.467Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-15128 (GCVE-0-2018-15128)
Vulnerability from nvd – Published: 2019-05-13 13:18 – Updated: 2024-08-05 09:46
VLAI?
Summary
An issue was discovered in Polycom Group Series 6.1.6.1 and earlier, HDX 3.1.12 and earlier, and Pano 1.1.1 and earlier. A remote code execution vulnerability exists in the content sharing functionality because of a Buffer Overflow via crafted packets.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:46:25.467Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.polycom.com/content/dam/polycom-support/global/documentation/remote-code-exectuion-vulnerability-group-series.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Polycom Group Series 6.1.6.1 and earlier, HDX 3.1.12 and earlier, and Pano 1.1.1 and earlier. A remote code execution vulnerability exists in the content sharing functionality because of a Buffer Overflow via crafted packets."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-13T13:18:22",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.polycom.com/content/dam/polycom-support/global/documentation/remote-code-exectuion-vulnerability-group-series.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15128",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Polycom Group Series 6.1.6.1 and earlier, HDX 3.1.12 and earlier, and Pano 1.1.1 and earlier. A remote code execution vulnerability exists in the content sharing functionality because of a Buffer Overflow via crafted packets."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.polycom.com/content/dam/polycom-support/global/documentation/remote-code-exectuion-vulnerability-group-series.pdf",
"refsource": "MISC",
"url": "https://support.polycom.com/content/dam/polycom-support/global/documentation/remote-code-exectuion-vulnerability-group-series.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-15128",
"datePublished": "2019-05-13T13:18:22",
"dateReserved": "2018-08-07T00:00:00",
"dateUpdated": "2024-08-05T09:46:25.467Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}