Search criteria
9 vulnerabilities found for hdx_system_software by polycom
FKIE_CVE-2019-11355
Vulnerability from fkie_nvd - Published: 2020-03-12 21:15 - Updated: 2024-11-21 04:20
Severity ?
Summary
An issue was discovered in Poly (formerly Polycom) HDX 3.1.13. A feature exists that allows the creation of a server / client certificate, or the upload of the user certificate, on the administrator's page. The value received from the user is the factor value of a shell script on the equipment. By entering a special character (such as a single quote) in a CN or other CSR field, one can insert a command into a factor value. A system command can be executed as root.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| polycom | hdx_system_software | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:polycom:hdx_system_software:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E79A1E6E-6526-4754-8613-D553001F99B8",
"versionEndIncluding": "3.1.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Poly (formerly Polycom) HDX 3.1.13. A feature exists that allows the creation of a server / client certificate, or the upload of the user certificate, on the administrator\u0027s page. The value received from the user is the factor value of a shell script on the equipment. By entering a special character (such as a single quote) in a CN or other CSR field, one can insert a command into a factor value. A system command can be executed as root."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en Poly (antes Polycom) HDX versi\u00f3n 3.1.13. Existe una funcionalidad que permite la creaci\u00f3n de un certificado de servidor/cliente, o la carga del certificado de usuario, en la p\u00e1gina del administrador. El valor recibido del usuario es el valor del factor de un script de shell en el equipo. Mediante la introducci\u00f3n de un car\u00e1cter especial (tal y como una comilla simple) en un campo CN u otro CSR, puede ser insertado un comando en un valor del factor. Un comando de sistema puede ser ejecutado como root."
}
],
"id": "CVE-2019-11355",
"lastModified": "2024-11-21T04:20:56.053",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-03-12T21:15:12.780",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://support.polycom.com/content/dam/polycom-support/global/documentation/hdx-3-1-14-advisory.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://support.polycom.com/content/dam/polycom-support/global/documentation/hdx-3-1-14-advisory.pdf"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2012-6611
Vulnerability from fkie_nvd - Published: 2020-02-10 15:15 - Updated: 2024-11-21 01:46
Severity ?
Summary
An issue was discovered in Polycom Web Management Interface G3/HDX 8000 HD with Durango 2.6.0 4740 software and embedded Polycom Linux Development Platform 2.14.g3. It has a blank administrative password by default, and can be successfully used without setting this password.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://web.archive.org/web/20130320033016/http://blog.tempest.com.br/joao-paulo-campello/path-traversal-on-polycom-web-management-interface.html | Exploit, Third Party Advisory | |
| cve@mitre.org | https://www.exploit-db.com/exploits/43032 | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://web.archive.org/web/20130320033016/http://blog.tempest.com.br/joao-paulo-campello/path-traversal-on-polycom-web-management-interface.html | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/43032 | Exploit, Third Party Advisory, VDB Entry |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:polycom:hdx_system_software:*:*:*:*:*:*:*:*",
"matchCriteriaId": "47A0F187-AA15-4859-BB58-8623FE0CC03E",
"versionEndIncluding": "3.0.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:polycom:hdx_4002:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5E8E84D3-63CE-49C4-A28C-5BA6E461F379",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:polycom:hdx_4500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7BCC7595-A5E1-4528-8D6B-DE1826E90B66",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:polycom:hdx_6000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "82F969B1-8A48-4808-BEA6-A8AE39012ABC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:polycom:hdx_7001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C71FD8A0-7764-46CB-8E83-9439455A9D12",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:polycom:hdx_7002:-:*:*:*:*:*:*:*",
"matchCriteriaId": "405D3D5F-F0D0-4A42-A33D-AD6DBA7541B6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:polycom:hdx_8002:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D7B2480-81EA-4A46-B02E-045FAD422CAA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:polycom:hdx_8004:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C7DFCC78-5160-4BBC-BD5A-05E2B7208696",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:polycom:hdx_8006:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B150C4BF-DA15-42FC-90AE-D5D13DB1A4DC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:polycom:hdx_9002:-:*:*:*:*:*:*:*",
"matchCriteriaId": "115F3A96-75DA-45CE-9594-F3A04589B54A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:polycom:hdx_9004:-:*:*:*:*:*:*:*",
"matchCriteriaId": "00AD2C80-D58A-494A-BA20-2A5B6279AFAD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:polycom:hdx_9006:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2312BC5A-8533-4F46-B57C-AB42AE941F8F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Polycom Web Management Interface G3/HDX 8000 HD with Durango 2.6.0 4740 software and embedded Polycom Linux Development Platform 2.14.g3. It has a blank administrative password by default, and can be successfully used without setting this password."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en Polycom Web Management Interface G3/HDX 8000 HD con el software Durango versi\u00f3n 2.6.0 4740 y la plataforma de desarrollo Polycom Linux 2.14.g3 integrada. Tiene una contrase\u00f1a administrativa en blanco de forma predeterminada, y se puede usar con \u00e9xito sin establecer esta contrase\u00f1a."
}
],
"id": "CVE-2012-6611",
"lastModified": "2024-11-21T01:46:29.950",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-02-10T15:15:11.510",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://web.archive.org/web/20130320033016/http://blog.tempest.com.br/joao-paulo-campello/path-traversal-on-polycom-web-management-interface.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/43032"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://web.archive.org/web/20130320033016/http://blog.tempest.com.br/joao-paulo-campello/path-traversal-on-polycom-web-management-interface.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/43032"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-798"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2012-4970
Vulnerability from fkie_nvd - Published: 2013-01-01 12:35 - Updated: 2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the web management interface on Polycom HDX Video End Points with UC APL software before 2.7.1.1_J, and commercial software before 3.0.5, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| polycom | hdx_system_software | * | |
| polycom | hdx_system_software | 2.0.5_j | |
| polycom | hdx_system_software | 2.5.0.7 | |
| polycom | hdx_system_software | 2.5.0.7_g | |
| polycom | hdx_system_software | 2.6.1 | |
| polycom | hdx_system_software | 2.6.1.3 | |
| polycom | hdx_system_software | 2.7.0_j | |
| polycom | hdx_4002 | - | |
| polycom | hdx_4500 | - | |
| polycom | hdx_6000 | - | |
| polycom | hdx_7001 | - | |
| polycom | hdx_7002 | - | |
| polycom | hdx_8002 | - | |
| polycom | hdx_8004 | - | |
| polycom | hdx_8006 | - | |
| polycom | hdx_9002 | - | |
| polycom | hdx_9004 | - | |
| polycom | hdx_9006 | - | |
| polycom | hdx_system_software | * | |
| polycom | hdx_system_software | 3.0.0 | |
| polycom | hdx_system_software | 3.0.0.1 | |
| polycom | hdx_system_software | 3.0.0.2 | |
| polycom | hdx_system_software | 3.0.1 | |
| polycom | hdx_system_software | 3.0.2 | |
| polycom | hdx_system_software | 3.0.3 | |
| polycom | hdx_system_software | 3.0.3.1 | |
| polycom | hdx_4002 | - | |
| polycom | hdx_4500 | - | |
| polycom | hdx_6000 | - | |
| polycom | hdx_7001 | - | |
| polycom | hdx_7002 | - | |
| polycom | hdx_8002 | - | |
| polycom | hdx_8004 | - | |
| polycom | hdx_8006 | - | |
| polycom | hdx_9002 | - | |
| polycom | hdx_9004 | - | |
| polycom | hdx_9006 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:polycom:hdx_system_software:*:*:*:*:*:*:*:*",
"matchCriteriaId": "56554F4E-9547-4E58-AE6A-B8820D463868",
"versionEndIncluding": "2.7.1_j",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:polycom:hdx_system_software:2.0.5_j:*:*:*:*:*:*:*",
"matchCriteriaId": "4180B53C-0E41-479F-8579-B892A859AFE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:polycom:hdx_system_software:2.5.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "7239695C-E3EB-44E9-8BD0-613C9C6CE3C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:polycom:hdx_system_software:2.5.0.7_g:*:*:*:*:*:*:*",
"matchCriteriaId": "BF41C666-FC51-4862-9C1C-23E22C16CCC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:polycom:hdx_system_software:2.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "34B3F4FF-6C74-40C1-BC77-41E97EA2184E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:polycom:hdx_system_software:2.6.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "97F16E82-A486-4725-A702-B51F223BF8A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:polycom:hdx_system_software:2.7.0_j:*:*:*:*:*:*:*",
"matchCriteriaId": "9FED604D-2BEB-4886-AAE2-7583107B5A73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:polycom:hdx_4002:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5E8E84D3-63CE-49C4-A28C-5BA6E461F379",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:polycom:hdx_4500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7BCC7595-A5E1-4528-8D6B-DE1826E90B66",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:polycom:hdx_6000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "82F969B1-8A48-4808-BEA6-A8AE39012ABC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:polycom:hdx_7001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C71FD8A0-7764-46CB-8E83-9439455A9D12",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:polycom:hdx_7002:-:*:*:*:*:*:*:*",
"matchCriteriaId": "405D3D5F-F0D0-4A42-A33D-AD6DBA7541B6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:polycom:hdx_8002:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D7B2480-81EA-4A46-B02E-045FAD422CAA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:polycom:hdx_8004:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C7DFCC78-5160-4BBC-BD5A-05E2B7208696",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:polycom:hdx_8006:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B150C4BF-DA15-42FC-90AE-D5D13DB1A4DC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:polycom:hdx_9002:-:*:*:*:*:*:*:*",
"matchCriteriaId": "115F3A96-75DA-45CE-9594-F3A04589B54A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:polycom:hdx_9004:-:*:*:*:*:*:*:*",
"matchCriteriaId": "00AD2C80-D58A-494A-BA20-2A5B6279AFAD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:polycom:hdx_9006:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2312BC5A-8533-4F46-B57C-AB42AE941F8F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:polycom:hdx_system_software:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6D6103E9-F699-4254-A242-AD35D49C5E5D",
"versionEndIncluding": "3.0.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:polycom:hdx_system_software:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "462AF19B-8FBC-40AB-A49F-A4C3268EE36A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:polycom:hdx_system_software:3.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9AA96902-2F18-4054-AC7A-5D4CCD57685E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:polycom:hdx_system_software:3.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6C46E544-D7B6-4453-9F7F-757DA0D5F95A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:polycom:hdx_system_software:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "78795513-8B58-4318-8FF0-708AA00D98C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:polycom:hdx_system_software:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D75364F0-052E-40AF-84B1-25587ACC647D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:polycom:hdx_system_software:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "15E91C61-EA9D-4DFB-A55C-D899A576D783",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:polycom:hdx_system_software:3.0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8B4B51BC-5CDB-4C3E-A3E7-2BF7FB9AFBC4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:polycom:hdx_4002:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5E8E84D3-63CE-49C4-A28C-5BA6E461F379",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:polycom:hdx_4500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7BCC7595-A5E1-4528-8D6B-DE1826E90B66",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:polycom:hdx_6000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "82F969B1-8A48-4808-BEA6-A8AE39012ABC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:polycom:hdx_7001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C71FD8A0-7764-46CB-8E83-9439455A9D12",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:polycom:hdx_7002:-:*:*:*:*:*:*:*",
"matchCriteriaId": "405D3D5F-F0D0-4A42-A33D-AD6DBA7541B6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:polycom:hdx_8002:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D7B2480-81EA-4A46-B02E-045FAD422CAA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:polycom:hdx_8004:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C7DFCC78-5160-4BBC-BD5A-05E2B7208696",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:polycom:hdx_8006:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B150C4BF-DA15-42FC-90AE-D5D13DB1A4DC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:polycom:hdx_9002:-:*:*:*:*:*:*:*",
"matchCriteriaId": "115F3A96-75DA-45CE-9594-F3A04589B54A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:polycom:hdx_9004:-:*:*:*:*:*:*:*",
"matchCriteriaId": "00AD2C80-D58A-494A-BA20-2A5B6279AFAD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:polycom:hdx_9006:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2312BC5A-8533-4F46-B57C-AB42AE941F8F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the web management interface on Polycom HDX Video End Points with UC APL software before 2.7.1.1_J, and commercial software before 3.0.5, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en la interfaz de administraci\u00f3n web de Polycom HDX Video End Points con software UC APL antes de v2.7.1.1_J y software comercial antes de v3.0.5, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2012-4970",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-01-01T12:35:13.680",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0146.html"
},
{
"source": "cve@mitre.org",
"url": "http://knowledgebase-iframe.polycom.com/kb/knowledgebase/End%20User/Tech%20Alerts/Video/15990_fHDX%20XSS%20Vulnerability%20-%20Security%20Bulletin%20101521.pdf"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1027926"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0146.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://knowledgebase-iframe.polycom.com/kb/knowledgebase/End%20User/Tech%20Alerts/Video/15990_fHDX%20XSS%20Vulnerability%20-%20Security%20Bulletin%20101521.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1027926"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2019-11355 (GCVE-0-2019-11355)
Vulnerability from cvelistv5 – Published: 2020-03-12 20:56 – Updated: 2024-08-04 22:48
VLAI?
Summary
An issue was discovered in Poly (formerly Polycom) HDX 3.1.13. A feature exists that allows the creation of a server / client certificate, or the upload of the user certificate, on the administrator's page. The value received from the user is the factor value of a shell script on the equipment. By entering a special character (such as a single quote) in a CN or other CSR field, one can insert a command into a factor value. A system command can be executed as root.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:48:09.174Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.polycom.com/content/dam/polycom-support/global/documentation/hdx-3-1-14-advisory.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Poly (formerly Polycom) HDX 3.1.13. A feature exists that allows the creation of a server / client certificate, or the upload of the user certificate, on the administrator\u0027s page. The value received from the user is the factor value of a shell script on the equipment. By entering a special character (such as a single quote) in a CN or other CSR field, one can insert a command into a factor value. A system command can be executed as root."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-12T20:56:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.polycom.com/content/dam/polycom-support/global/documentation/hdx-3-1-14-advisory.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-11355",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Poly (formerly Polycom) HDX 3.1.13. A feature exists that allows the creation of a server / client certificate, or the upload of the user certificate, on the administrator\u0027s page. The value received from the user is the factor value of a shell script on the equipment. By entering a special character (such as a single quote) in a CN or other CSR field, one can insert a command into a factor value. A system command can be executed as root."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.polycom.com/content/dam/polycom-support/global/documentation/hdx-3-1-14-advisory.pdf",
"refsource": "MISC",
"url": "https://support.polycom.com/content/dam/polycom-support/global/documentation/hdx-3-1-14-advisory.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-11355",
"datePublished": "2020-03-12T20:56:02",
"dateReserved": "2019-04-19T00:00:00",
"dateUpdated": "2024-08-04T22:48:09.174Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-6611 (GCVE-0-2012-6611)
Vulnerability from cvelistv5 – Published: 2020-02-10 14:47 – Updated: 2024-08-06 21:36
VLAI?
Summary
An issue was discovered in Polycom Web Management Interface G3/HDX 8000 HD with Durango 2.6.0 4740 software and embedded Polycom Linux Development Platform 2.14.g3. It has a blank administrative password by default, and can be successfully used without setting this password.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:36:01.030Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://web.archive.org/web/20130320033016/http://blog.tempest.com.br/joao-paulo-campello/path-traversal-on-polycom-web-management-interface.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/43032"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Polycom Web Management Interface G3/HDX 8000 HD with Durango 2.6.0 4740 software and embedded Polycom Linux Development Platform 2.14.g3. It has a blank administrative password by default, and can be successfully used without setting this password."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-13T15:37:45",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://web.archive.org/web/20130320033016/http://blog.tempest.com.br/joao-paulo-campello/path-traversal-on-polycom-web-management-interface.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.exploit-db.com/exploits/43032"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6611",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Polycom Web Management Interface G3/HDX 8000 HD with Durango 2.6.0 4740 software and embedded Polycom Linux Development Platform 2.14.g3. It has a blank administrative password by default, and can be successfully used without setting this password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://web.archive.org/web/20130320033016/http://blog.tempest.com.br/joao-paulo-campello/path-traversal-on-polycom-web-management-interface.html",
"refsource": "MISC",
"url": "https://web.archive.org/web/20130320033016/http://blog.tempest.com.br/joao-paulo-campello/path-traversal-on-polycom-web-management-interface.html"
},
{
"name": "https://www.exploit-db.com/exploits/43032",
"refsource": "MISC",
"url": "https://www.exploit-db.com/exploits/43032"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-6611",
"datePublished": "2020-02-10T14:47:38",
"dateReserved": "2013-11-26T00:00:00",
"dateUpdated": "2024-08-06T21:36:01.030Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-4970 (GCVE-0-2012-4970)
Vulnerability from cvelistv5 – Published: 2013-01-01 11:00 – Updated: 2024-08-06 20:50
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in the web management interface on Polycom HDX Video End Points with UC APL software before 2.7.1.1_J, and commercial software before 3.0.5, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:50:18.423Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1027926",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1027926"
},
{
"name": "20121226 Polycom HDX Video End Points Web Management Cross Site Scripting (XSS) vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0146.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://knowledgebase-iframe.polycom.com/kb/knowledgebase/End%20User/Tech%20Alerts/Video/15990_fHDX%20XSS%20Vulnerability%20-%20Security%20Bulletin%20101521.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-12-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the web management interface on Polycom HDX Video End Points with UC APL software before 2.7.1.1_J, and commercial software before 3.0.5, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-03-26T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1027926",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1027926"
},
{
"name": "20121226 Polycom HDX Video End Points Web Management Cross Site Scripting (XSS) vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0146.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://knowledgebase-iframe.polycom.com/kb/knowledgebase/End%20User/Tech%20Alerts/Video/15990_fHDX%20XSS%20Vulnerability%20-%20Security%20Bulletin%20101521.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-4970",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the web management interface on Polycom HDX Video End Points with UC APL software before 2.7.1.1_J, and commercial software before 3.0.5, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1027926",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027926"
},
{
"name": "20121226 Polycom HDX Video End Points Web Management Cross Site Scripting (XSS) vulnerability",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0146.html"
},
{
"name": "http://knowledgebase-iframe.polycom.com/kb/knowledgebase/End%20User/Tech%20Alerts/Video/15990_fHDX%20XSS%20Vulnerability%20-%20Security%20Bulletin%20101521.pdf",
"refsource": "CONFIRM",
"url": "http://knowledgebase-iframe.polycom.com/kb/knowledgebase/End%20User/Tech%20Alerts/Video/15990_fHDX%20XSS%20Vulnerability%20-%20Security%20Bulletin%20101521.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-4970",
"datePublished": "2013-01-01T11:00:00",
"dateReserved": "2012-09-19T00:00:00",
"dateUpdated": "2024-08-06T20:50:18.423Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11355 (GCVE-0-2019-11355)
Vulnerability from nvd – Published: 2020-03-12 20:56 – Updated: 2024-08-04 22:48
VLAI?
Summary
An issue was discovered in Poly (formerly Polycom) HDX 3.1.13. A feature exists that allows the creation of a server / client certificate, or the upload of the user certificate, on the administrator's page. The value received from the user is the factor value of a shell script on the equipment. By entering a special character (such as a single quote) in a CN or other CSR field, one can insert a command into a factor value. A system command can be executed as root.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:48:09.174Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.polycom.com/content/dam/polycom-support/global/documentation/hdx-3-1-14-advisory.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Poly (formerly Polycom) HDX 3.1.13. A feature exists that allows the creation of a server / client certificate, or the upload of the user certificate, on the administrator\u0027s page. The value received from the user is the factor value of a shell script on the equipment. By entering a special character (such as a single quote) in a CN or other CSR field, one can insert a command into a factor value. A system command can be executed as root."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-12T20:56:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.polycom.com/content/dam/polycom-support/global/documentation/hdx-3-1-14-advisory.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-11355",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Poly (formerly Polycom) HDX 3.1.13. A feature exists that allows the creation of a server / client certificate, or the upload of the user certificate, on the administrator\u0027s page. The value received from the user is the factor value of a shell script on the equipment. By entering a special character (such as a single quote) in a CN or other CSR field, one can insert a command into a factor value. A system command can be executed as root."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.polycom.com/content/dam/polycom-support/global/documentation/hdx-3-1-14-advisory.pdf",
"refsource": "MISC",
"url": "https://support.polycom.com/content/dam/polycom-support/global/documentation/hdx-3-1-14-advisory.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-11355",
"datePublished": "2020-03-12T20:56:02",
"dateReserved": "2019-04-19T00:00:00",
"dateUpdated": "2024-08-04T22:48:09.174Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-6611 (GCVE-0-2012-6611)
Vulnerability from nvd – Published: 2020-02-10 14:47 – Updated: 2024-08-06 21:36
VLAI?
Summary
An issue was discovered in Polycom Web Management Interface G3/HDX 8000 HD with Durango 2.6.0 4740 software and embedded Polycom Linux Development Platform 2.14.g3. It has a blank administrative password by default, and can be successfully used without setting this password.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:36:01.030Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://web.archive.org/web/20130320033016/http://blog.tempest.com.br/joao-paulo-campello/path-traversal-on-polycom-web-management-interface.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/43032"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Polycom Web Management Interface G3/HDX 8000 HD with Durango 2.6.0 4740 software and embedded Polycom Linux Development Platform 2.14.g3. It has a blank administrative password by default, and can be successfully used without setting this password."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-13T15:37:45",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://web.archive.org/web/20130320033016/http://blog.tempest.com.br/joao-paulo-campello/path-traversal-on-polycom-web-management-interface.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.exploit-db.com/exploits/43032"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6611",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Polycom Web Management Interface G3/HDX 8000 HD with Durango 2.6.0 4740 software and embedded Polycom Linux Development Platform 2.14.g3. It has a blank administrative password by default, and can be successfully used without setting this password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://web.archive.org/web/20130320033016/http://blog.tempest.com.br/joao-paulo-campello/path-traversal-on-polycom-web-management-interface.html",
"refsource": "MISC",
"url": "https://web.archive.org/web/20130320033016/http://blog.tempest.com.br/joao-paulo-campello/path-traversal-on-polycom-web-management-interface.html"
},
{
"name": "https://www.exploit-db.com/exploits/43032",
"refsource": "MISC",
"url": "https://www.exploit-db.com/exploits/43032"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-6611",
"datePublished": "2020-02-10T14:47:38",
"dateReserved": "2013-11-26T00:00:00",
"dateUpdated": "2024-08-06T21:36:01.030Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-4970 (GCVE-0-2012-4970)
Vulnerability from nvd – Published: 2013-01-01 11:00 – Updated: 2024-08-06 20:50
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in the web management interface on Polycom HDX Video End Points with UC APL software before 2.7.1.1_J, and commercial software before 3.0.5, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:50:18.423Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1027926",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1027926"
},
{
"name": "20121226 Polycom HDX Video End Points Web Management Cross Site Scripting (XSS) vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0146.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://knowledgebase-iframe.polycom.com/kb/knowledgebase/End%20User/Tech%20Alerts/Video/15990_fHDX%20XSS%20Vulnerability%20-%20Security%20Bulletin%20101521.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-12-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the web management interface on Polycom HDX Video End Points with UC APL software before 2.7.1.1_J, and commercial software before 3.0.5, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-03-26T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1027926",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1027926"
},
{
"name": "20121226 Polycom HDX Video End Points Web Management Cross Site Scripting (XSS) vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0146.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://knowledgebase-iframe.polycom.com/kb/knowledgebase/End%20User/Tech%20Alerts/Video/15990_fHDX%20XSS%20Vulnerability%20-%20Security%20Bulletin%20101521.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-4970",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the web management interface on Polycom HDX Video End Points with UC APL software before 2.7.1.1_J, and commercial software before 3.0.5, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1027926",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027926"
},
{
"name": "20121226 Polycom HDX Video End Points Web Management Cross Site Scripting (XSS) vulnerability",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0146.html"
},
{
"name": "http://knowledgebase-iframe.polycom.com/kb/knowledgebase/End%20User/Tech%20Alerts/Video/15990_fHDX%20XSS%20Vulnerability%20-%20Security%20Bulletin%20101521.pdf",
"refsource": "CONFIRM",
"url": "http://knowledgebase-iframe.polycom.com/kb/knowledgebase/End%20User/Tech%20Alerts/Video/15990_fHDX%20XSS%20Vulnerability%20-%20Security%20Bulletin%20101521.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-4970",
"datePublished": "2013-01-01T11:00:00",
"dateReserved": "2012-09-19T00:00:00",
"dateUpdated": "2024-08-06T20:50:18.423Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}