Search criteria
18 vulnerabilities found for unified_communications_software by polycom
FKIE_CVE-2019-12948
Vulnerability from fkie_nvd - Published: 2019-07-29 16:15 - Updated: 2024-11-21 04:23
Severity ?
Summary
A vulnerability in the web-based management interface of VVX, Trio, SoundStructure, SoundPoint, and SoundStation phones running Polycom UC Software, if exploited, could allow an authenticated, remote attacker with admin privileges to cause a denial of service (DoS) condition or execute arbitrary code.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:polycom:unified_communications_software:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C625E971-506A-45F3-AD61-2070AEB0162F",
"versionEndExcluding": "5.8.5.1256",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:polycom:unified_communications_software:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DE3B1B9B-3210-44ED-A5F3-6C9C0C800E33",
"versionEndExcluding": "5.9.3.2857",
"versionStartIncluding": "5.9.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:polycom:unified_communications_software:*:*:*:*:*:*:*:*",
"matchCriteriaId": "33A63BC1-CB87-4C99-9549-B1DEB72BE4CC",
"versionEndExcluding": "6.0.0.4839",
"versionStartIncluding": "6.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:polycom:c12:-:*:*:*:*:*:*:*",
"matchCriteriaId": "79199231-6249-4C12-9400-E1351A7E92BC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:polycom:c16:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8DAE9212-F081-49BA-8619-6C8A7D99313B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:polycom:c8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BBFC659D-A7DF-458A-8161-2AF95954634E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:polycom:vvx150:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D1E17290-C123-4A51-AF39-B3BCFCE6FFA3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:polycom:vvx201:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9C2D973F-E4CA-4085-AFAF-F3FD48182144",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:polycom:vvx250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "620A47C4-7D4D-4C26-A4F6-E95A414996E0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:polycom:vvx301:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ADD18487-B8DF-42C8-A068-6C7C495485C1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:polycom:vvx311:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3853AB2F-A836-4964-9E93-4D4B46F4A673",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:polycom:vvx350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0F28EF6-3F2B-4F0E-8349-F86EF0A65280",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:polycom:vvx401:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D822D5C9-8C15-4CE9-AC65-A0C3C76B1F03",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:polycom:vvx411:-:*:*:*:*:*:*:*",
"matchCriteriaId": "70824863-4F2C-4619-B5E1-22C4B41C0ADE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:polycom:vvx450:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4F721F0B-538B-482F-8A59-CFE4E388281F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:polycom:vvx501:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2D54DCE1-77EE-493A-B1B6-9C1D7C952180",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:polycom:vvx601:-:*:*:*:*:*:*:*",
"matchCriteriaId": "303F10D5-C6AC-4025-88D6-2368E904F327",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:polycom:united_communications_software:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B5A23ECE-B6DD-4C6F-99C4-3A324947826D",
"versionEndExcluding": "5.9.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:polycom:trio_8500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F43818E9-D3DE-45A7-8667-7B6B16625B97",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:polycom:trio_8800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "48C05AC7-2D6E-4301-B312-EEFF9038EFC0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:polycom:united_communications_software:*:*:*:*:*:*:*:*",
"matchCriteriaId": "382C5E71-16F4-4E76-BC22-01D81BE4D618",
"versionEndExcluding": "4.0.14.1580",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:polycom:soundpoint_ip_300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "820C5839-7C52-4B88-90DA-C6C21FEFD0A2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:polycom:soundpoint_ip_301:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D7424D6-2CE0-48A3-AFB0-C5D30819FF8C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:polycom:soundpoint_ip_320:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1956CD6A-BF80-4B6F-B07C-311667066BBF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:polycom:soundpoint_ip_321:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D22FD3DF-A86C-41C6-A744-685ED5F6609E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:polycom:soundpoint_ip_330:-:*:*:*:*:*:*:*",
"matchCriteriaId": "44A5EBB0-BBFE-49DE-8D63-7A7AC59E89C2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:polycom:soundpoint_ip_331:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EDA78F69-32BE-4675-A98A-B7FCF40627FB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:polycom:soundpoint_ip_335:-:*:*:*:*:*:*:*",
"matchCriteriaId": "90416A73-992C-477D-9E0A-1F5170E9F884",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:polycom:soundpoint_ip_430:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8C73B2DB-06ED-44F5-BCBF-214E3EA74CB8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:polycom:soundpoint_ip_450:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DDD8F2D8-EBD9-41F7-8FED-13B8E827372C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:polycom:soundpoint_ip_500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1983CB3C-E88B-4355-9AF3-34F9D103A06A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:polycom:soundpoint_ip_501:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7209DA9E-F392-44D9-A8D7-0403AD483D4F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:polycom:soundpoint_ip_550:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8840D5B2-33C8-438C-8C32-6B7702B571D9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:polycom:soundpoint_ip_560:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B071EF0-9F8D-4841-912F-41B82A43819D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:polycom:soundpoint_ip_600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B153D064-C831-46AB-BC3C-32601CBDD251",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:polycom:soundpoint_ip_601:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B75A9809-5378-4C58-9E5A-909492DD2360",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:polycom:soundpoint_ip_650:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EF786C93-9283-40BB-8F6E-F2A1527E8513",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:polycom:soundpoint_ip_670:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6757D2C2-8010-4EB9-A0B5-564FD8E1D7F7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:polycom:soundpoint_pro_se-220:-:*:*:*:*:*:*:*",
"matchCriteriaId": "424B0E05-DFAC-4AC0-B079-66136051A94E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:polycom:soundpoint_pro_se-225:-:*:*:*:*:*:*:*",
"matchCriteriaId": "99B9F4C3-1965-4278-863B-4DDE46C9BFC4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:polycom:soundstation_duo:-:*:*:*:*:*:*:*",
"matchCriteriaId": "051C3271-88A0-42E2-8A2F-32DF20B5FF6B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:polycom:soundstation_ip_4000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "51B28075-E9F4-41E7-B6DE-222DD5D4A4A6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:polycom:soundstation_ip_5000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F7594DBE-73CA-42F9-9134-F69508BEA110",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:polycom:soundstation_ip_6000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C4FFCAC7-25C9-4640-8B97-7557BB13E07E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:polycom:soundstation_ip_7000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B9EE2AC3-483B-43FE-B83F-6E19C1D8AFA8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:polycom:soundstation_ip_7000_video_integration:-:*:*:*:*:*:*:*",
"matchCriteriaId": "89ED69EB-7E36-4383-BE2B-BC8FB3F94E3A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:polycom:soundstation_vtx_1000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BE5ED780-8889-42F5-8F63-4483E3A56936",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:polycom:soundstation2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "14CAD094-E94C-4581-856E-EB132F16F6C4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:polycom:soundstation2_avaya_2490:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A04ABECE-F4E0-4F16-8BA1-9B7E86FE144C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:polycom:soundstation2_direct_connect_for_nortel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "863AE311-1557-41EC-BBE0-296E25B533E9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:polycom:soundstation2w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D02DBC31-14D7-484E-A68F-C5F076CB1CA3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:polycom:unified_communications_software:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C625E971-506A-45F3-AD61-2070AEB0162F",
"versionEndExcluding": "5.8.5.1256",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:polycom:unified_communications_software:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DE3B1B9B-3210-44ED-A5F3-6C9C0C800E33",
"versionEndExcluding": "5.9.3.2857",
"versionStartIncluding": "5.9.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:polycom:vvx300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9A36BDB2-1DB7-4D2F-B8AD-609C010B66A8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:polycom:vvx310:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F09F121C-EBBF-4B31-829F-6B584539EE0D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:polycom:vvx400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3882D3C-6A93-4AB6-9B51-2D19571FC45C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:polycom:vvx410:-:*:*:*:*:*:*:*",
"matchCriteriaId": "28428904-FFBB-4BEF-ABD2-468D81D675C5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:polycom:vvx500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2A64CAE3-6218-4828-BF53-0D61DF0134DE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:polycom:vvx600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "824C0FC8-C91D-4ADE-B105-87C8DD6C3603",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of VVX, Trio, SoundStructure, SoundPoint, and SoundStation phones running Polycom UC Software, if exploited, could allow an authenticated, remote attacker with admin privileges to cause a denial of service (DoS) condition or execute arbitrary code."
},
{
"lang": "es",
"value": "Una vulnerabilidad en la interfaz de administraci\u00f3n basada en web de los tel\u00e9fonos VVX, Trio, SoundStructure, SoundPoint y SoundStation que ejecutan el software Polycom UC, si se explota, podr\u00eda permitir que un atacante remoto autenticado con privilegios de administrador cause una condici\u00f3n de denegaci\u00f3n de servicio (DoS) o ejecutar c\u00f3digo arbitrario"
}
],
"id": "CVE-2019-12948",
"lastModified": "2024-11-21T04:23:52.900",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-07-29T16:15:12.647",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://support.polycom.com/content/dam/polycom-support/global/documentation/remote-code-execution-vulnerability-in-ucs-software-v1-1.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.polycom.com/content/dam/polycom-support/global/documentation/remote-code-execution-vulnerability-in-ucs-software-v1-1.pdf"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-749"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-10689
Vulnerability from fkie_nvd - Published: 2019-06-24 22:15 - Updated: 2024-11-21 04:19
Severity ?
Summary
VVX products using UCS software version 5.9.2 and earlier with Better Together over Ethernet Connector (BToE) application version 3.9.1 and earlier provides insufficient authentication between the BToE application and the BToE component, resulting in leakage of sensitive information.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| polycom | better_together_over_ethernet_connector | * | |
| polycom | unified_communications_software | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:polycom:better_together_over_ethernet_connector:*:*:*:*:*:*:*:*",
"matchCriteriaId": "327C8311-C854-4D47-B09D-91B0C3DD643D",
"versionEndIncluding": "3.9.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:polycom:unified_communications_software:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3042ADDC-F1B9-42CF-8B0B-2F46AD40F3F8",
"versionEndIncluding": "5.9.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "VVX products using UCS software version 5.9.2 and earlier with Better Together over Ethernet Connector (BToE) application version 3.9.1 and earlier provides insufficient authentication between the BToE application and the BToE component, resulting in leakage of sensitive information."
},
{
"lang": "es",
"value": "Los productos VVX que utiliza el software UCS versi\u00f3n 5.9.2 y anteriores, con la aplicaci\u00f3n Better Together over Ethernet Connector (BToE) versi\u00f3n 3.9.1 y anteriores, proporcionan una autenticaci\u00f3n insuficiente entre la aplicaci\u00f3n BToE y el componente de BToE, lo que produce un filtrado de informaci\u00f3n confidencial."
}
],
"id": "CVE-2019-10689",
"lastModified": "2024-11-21T04:19:45.497",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-06-24T22:15:08.960",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/108799"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://support.polycom.com/content/dam/polycom-support/global/documentation/insufficient-authentication-leakage-vvx-products.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/108799"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.polycom.com/content/dam/polycom-support/global/documentation/insufficient-authentication-leakage-vvx-products.pdf"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-10688
Vulnerability from fkie_nvd - Published: 2019-04-23 21:29 - Updated: 2024-11-21 04:19
Severity ?
Summary
VVX products with software versions including and prior to, UCS 5.9.2 with Better Together over Ethernet Connector (BToE) application 3.9.1, use hard-coded credentials to establish connections between the host application and the device.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| polycom | unified_communications_software | * | |
| polycom | better_together_over_ethernet_connector | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:polycom:unified_communications_software:*:*:*:*:*:*:*:*",
"matchCriteriaId": "001BF0C7-112F-4585-8A75-4D44B79AE63A",
"versionEndIncluding": "5.8.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:polycom:better_together_over_ethernet_connector:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BC960AF5-1F8C-44A9-AB5F-9765757BFBF6",
"versionEndIncluding": "3.8.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "VVX products with software versions including and prior to, UCS 5.9.2 with Better Together over Ethernet Connector (BToE) application 3.9.1, use hard-coded credentials to establish connections between the host application and the device."
},
{
"lang": "es",
"value": "Los productos VVX con versiones de software anteriores e incluyendo a UCS 5.9.2 con la aplicaci\u00f3n Better Together over Ethernet Connector (BToE) versi\u00f3n 3.9.1, utilizan credenciales codificadas para establecer conexiones entre la aplicaci\u00f3n host y el dispositivo."
}
],
"id": "CVE-2019-10688",
"lastModified": "2024-11-21T04:19:45.347",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-04-23T21:29:00.333",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://support.polycom.com/content/dam/polycom-support/global/documentation/hard-coded-credentials-vulnerability-in-vvx-products.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.polycom.com/content/dam/polycom-support/global/documentation/hard-coded-credentials-vulnerability-in-vvx-products.pdf"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-798"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-18566
Vulnerability from fkie_nvd - Published: 2018-10-24 22:29 - Updated: 2024-11-21 03:56
Severity ?
Summary
The SIP service in Polycom VVX 500 and 601 devices 5.8.0.12848 and earlier allow remote attackers to obtain sensitive phone configuration information by leveraging use with an on-premise installation with Skype for Business.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/105746 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://seclists.org/bugtraq/2018/Oct/33 | Exploit, Mailing List, Third Party Advisory | |
| cve@mitre.org | https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-028.txt | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/105746 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/bugtraq/2018/Oct/33 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-028.txt | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| polycom | unified_communications_software | * | |
| polycom | vvx_601_firmware | - | |
| polycom | vvx_601 | - | |
| polycom | vvx_500_firmware | - | |
| polycom | vvx_500 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:polycom:unified_communications_software:*:*:*:*:*:*:*:*",
"matchCriteriaId": "270B45BB-1E87-40E8-A4CC-E74D38C2EA3F",
"versionEndIncluding": "5.8.0.12848",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:polycom:vvx_601_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A09C3FD-041F-4F55-B776-E37ECA458E5C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:polycom:vvx_601:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED0BA593-F3F7-484A-BE62-ED28BD3A0788",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:polycom:vvx_500_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9B6DF307-5370-4DFD-B24E-224DE0F01ECF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:polycom:vvx_500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "148EECBE-504C-4743-B247-6692AC758712",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The SIP service in Polycom VVX 500 and 601 devices 5.8.0.12848 and earlier allow remote attackers to obtain sensitive phone configuration information by leveraging use with an on-premise installation with Skype for Business."
},
{
"lang": "es",
"value": "El servicio SIP en dispositivos Polycom VVX 500 y 601, en versiones 5.8.0.12848 y anteriores, permite que atacantes remotos obtengan informaci\u00f3n sensible de configuraci\u00f3n del tel\u00e9fono aprovechando su uso con una instalaci\u00f3n \"on-premise\" con Skype for Business."
}
],
"id": "CVE-2018-18566",
"lastModified": "2024-11-21T03:56:10.270",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-10-24T22:29:01.510",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105746"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2018/Oct/33"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-028.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105746"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2018/Oct/33"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-028.txt"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-18568
Vulnerability from fkie_nvd - Published: 2018-10-24 22:29 - Updated: 2024-11-21 03:56
Severity ?
Summary
Polycom VVX 500 and 601 devices 5.8.0.12848 and earlier allows man-in-the-middle attackers to obtain sensitive credential information by leveraging failure to validate X.509 certificates when used with an on-premise installation with Skype for Business.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://seclists.org/bugtraq/2018/Oct/36 | Exploit, Mailing List, Third Party Advisory | |
| cve@mitre.org | https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-027.txt | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/bugtraq/2018/Oct/36 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-027.txt | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| polycom | unified_communications_software | * | |
| polycom | vvx_601_firmware | - | |
| polycom | vvx_601 | - | |
| polycom | vvx_500_firmware | - | |
| polycom | vvx_500 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:polycom:unified_communications_software:*:*:*:*:*:*:*:*",
"matchCriteriaId": "270B45BB-1E87-40E8-A4CC-E74D38C2EA3F",
"versionEndIncluding": "5.8.0.12848",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:polycom:vvx_601_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A09C3FD-041F-4F55-B776-E37ECA458E5C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:polycom:vvx_601:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED0BA593-F3F7-484A-BE62-ED28BD3A0788",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:polycom:vvx_500_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9B6DF307-5370-4DFD-B24E-224DE0F01ECF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:polycom:vvx_500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "148EECBE-504C-4743-B247-6692AC758712",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Polycom VVX 500 and 601 devices 5.8.0.12848 and earlier allows man-in-the-middle attackers to obtain sensitive credential information by leveraging failure to validate X.509 certificates when used with an on-premise installation with Skype for Business."
},
{
"lang": "es",
"value": "Los dispositivos Polycom VVX 500 y 601 en versiones 5.8.0.12848 y anteriores permiten que atacantes Man-in-the-Middle (MitM) obtengan informaci\u00f3n sensible de credenciales aprovechando el error a la hora de validar certificados X.509 al ser empleados con una instalaci\u00f3n \"on-premise\" con Skype for Business."
}
],
"id": "CVE-2018-18568",
"lastModified": "2024-11-21T03:56:10.560",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-10-24T22:29:01.790",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2018/Oct/36"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-027.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2018/Oct/36"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-027.txt"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-295"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-12857
Vulnerability from fkie_nvd - Published: 2017-08-25 19:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
Polycom SoundStation IP, VVX, and RealPresence Trio that are running software older than UCS 4.0.12, 5.4.5 rev AG, 5.4.7, 5.5.2, or 5.6.0 are affected by a vulnerability in their UCS web application. This vulnerability could allow an authenticated remote attacker to read a segment of the phone's memory which could contain an administrator's password or other sensitive information.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:polycom:unified_communications_software:*:*:*:*:*:*:*:*",
"matchCriteriaId": "499B2603-7408-4EC4-9176-CF36DCAC2D5D",
"versionEndIncluding": "4.0.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:polycom:soundstation_ip:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D084EA08-E7A4-415E-803F-11E7BA1119AA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:polycom:unified_communications_software:*:*:*:*:*:*:*:*",
"matchCriteriaId": "67FF91FF-524B-43F9-993A-6A67596CDE8F",
"versionEndIncluding": "5.4.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:polycom:unified_communications_software:*:*:*:*:*:*:*:*",
"matchCriteriaId": "10B74669-87A8-4639-A814-2B09B782C064",
"versionEndIncluding": "5.5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:polycom:vvx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FBC78465-4DD8-42E7-84A5-DB8153659E97",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:polycom:unified_communications_software:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C4D4484-464C-44DF-8974-376A1F73CC05",
"versionEndIncluding": "5.4.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:polycom:realpresence_trio:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB194641-9EC3-4B52-BAC8-2BB3C1C67F3B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Polycom SoundStation IP, VVX, and RealPresence Trio that are running software older than UCS 4.0.12, 5.4.5 rev AG, 5.4.7, 5.5.2, or 5.6.0 are affected by a vulnerability in their UCS web application. This vulnerability could allow an authenticated remote attacker to read a segment of the phone\u0027s memory which could contain an administrator\u0027s password or other sensitive information."
},
{
"lang": "es",
"value": "Polycom SoundStation IP, VVX, y RealPresence Trio que ejecuten software anterior a UCS 4.0.12, 5.4.5 rev AG, 5.4.7, 5.5.2, o 5.6.0 se han visto afectadas por una vulnerabilidad en la aplicaci\u00f3n web UCS. Esta vulnerabilidad podr\u00eda permitir que un atacante remoto autenticado leyese un segmento de la memoria del tel\u00e9fono, el cual podr\u00eda contener una contrase\u00f1a de administrador u otro tipo de informaci\u00f3n sensible."
}
],
"id": "CVE-2017-12857",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-08-25T19:29:00.270",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "http://support.polycom.com/content/dam/polycom-support/global/documentation/security-advisory-information-disclosure-on-polycom-voice-products-v1.0.pdf"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1039309"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "http://support.polycom.com/content/dam/polycom-support/global/documentation/security-advisory-information-disclosure-on-polycom-voice-products-v1.0.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1039309"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2019-12948 (GCVE-0-2019-12948)
Vulnerability from cvelistv5 – Published: 2019-07-29 15:16 – Updated: 2024-08-04 23:32
VLAI?
Summary
A vulnerability in the web-based management interface of VVX, Trio, SoundStructure, SoundPoint, and SoundStation phones running Polycom UC Software, if exploited, could allow an authenticated, remote attacker with admin privileges to cause a denial of service (DoS) condition or execute arbitrary code.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:32:55.646Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.polycom.com/content/dam/polycom-support/global/documentation/remote-code-execution-vulnerability-in-ucs-software-v1-1.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of VVX, Trio, SoundStructure, SoundPoint, and SoundStation phones running Polycom UC Software, if exploited, could allow an authenticated, remote attacker with admin privileges to cause a denial of service (DoS) condition or execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-02T20:40:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.polycom.com/content/dam/polycom-support/global/documentation/remote-code-execution-vulnerability-in-ucs-software-v1-1.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12948",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the web-based management interface of VVX, Trio, SoundStructure, SoundPoint, and SoundStation phones running Polycom UC Software, if exploited, could allow an authenticated, remote attacker with admin privileges to cause a denial of service (DoS) condition or execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.polycom.com/content/dam/polycom-support/global/documentation/remote-code-execution-vulnerability-in-ucs-software-v1-1.pdf",
"refsource": "CONFIRM",
"url": "https://support.polycom.com/content/dam/polycom-support/global/documentation/remote-code-execution-vulnerability-in-ucs-software-v1-1.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-12948",
"datePublished": "2019-07-29T15:16:41",
"dateReserved": "2019-06-24T00:00:00",
"dateUpdated": "2024-08-04T23:32:55.646Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-10689 (GCVE-0-2019-10689)
Vulnerability from cvelistv5 – Published: 2019-06-24 21:10 – Updated: 2024-08-04 22:32
VLAI?
Summary
VVX products using UCS software version 5.9.2 and earlier with Better Together over Ethernet Connector (BToE) application version 3.9.1 and earlier provides insufficient authentication between the BToE application and the BToE component, resulting in leakage of sensitive information.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:32:01.063Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "108799",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/108799"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.polycom.com/content/dam/polycom-support/global/documentation/insufficient-authentication-leakage-vvx-products.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-06-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "VVX products using UCS software version 5.9.2 and earlier with Better Together over Ethernet Connector (BToE) application version 3.9.1 and earlier provides insufficient authentication between the BToE application and the BToE component, resulting in leakage of sensitive information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-24T21:11:17",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "108799",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/108799"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.polycom.com/content/dam/polycom-support/global/documentation/insufficient-authentication-leakage-vvx-products.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-10689",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VVX products using UCS software version 5.9.2 and earlier with Better Together over Ethernet Connector (BToE) application version 3.9.1 and earlier provides insufficient authentication between the BToE application and the BToE component, resulting in leakage of sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "108799",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/108799"
},
{
"name": "https://support.polycom.com/content/dam/polycom-support/global/documentation/insufficient-authentication-leakage-vvx-products.pdf",
"refsource": "CONFIRM",
"url": "https://support.polycom.com/content/dam/polycom-support/global/documentation/insufficient-authentication-leakage-vvx-products.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-10689",
"datePublished": "2019-06-24T21:10:20",
"dateReserved": "2019-04-01T00:00:00",
"dateUpdated": "2024-08-04T22:32:01.063Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-10688 (GCVE-0-2019-10688)
Vulnerability from cvelistv5 – Published: 2019-04-23 20:58 – Updated: 2024-08-04 22:32
VLAI?
Summary
VVX products with software versions including and prior to, UCS 5.9.2 with Better Together over Ethernet Connector (BToE) application 3.9.1, use hard-coded credentials to establish connections between the host application and the device.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:32:01.168Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.polycom.com/content/dam/polycom-support/global/documentation/hard-coded-credentials-vulnerability-in-vvx-products.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-04-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "VVX products with software versions including and prior to, UCS 5.9.2 with Better Together over Ethernet Connector (BToE) application 3.9.1, use hard-coded credentials to establish connections between the host application and the device."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-17T15:35:35",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.polycom.com/content/dam/polycom-support/global/documentation/hard-coded-credentials-vulnerability-in-vvx-products.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-10688",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VVX products with software versions including and prior to, UCS 5.9.2 with Better Together over Ethernet Connector (BToE) application 3.9.1, use hard-coded credentials to establish connections between the host application and the device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.polycom.com/content/dam/polycom-support/global/documentation/hard-coded-credentials-vulnerability-in-vvx-products.pdf",
"refsource": "CONFIRM",
"url": "https://support.polycom.com/content/dam/polycom-support/global/documentation/hard-coded-credentials-vulnerability-in-vvx-products.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-10688",
"datePublished": "2019-04-23T20:58:29",
"dateReserved": "2019-04-01T00:00:00",
"dateUpdated": "2024-08-04T22:32:01.168Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-18566 (GCVE-0-2018-18566)
Vulnerability from cvelistv5 – Published: 2018-10-24 22:00 – Updated: 2024-08-05 11:15
VLAI?
Summary
The SIP service in Polycom VVX 500 and 601 devices 5.8.0.12848 and earlier allow remote attackers to obtain sensitive phone configuration information by leveraging use with an on-premise installation with Skype for Business.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:15:59.629Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-028.txt"
},
{
"name": "105746",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105746"
},
{
"name": "20181023 [SYSS-2018-028] information leakage with Polycom VVX Phones (Skype for Business, on-premise) - CVE-2018-18566",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2018/Oct/33"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-10-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The SIP service in Polycom VVX 500 and 601 devices 5.8.0.12848 and earlier allow remote attackers to obtain sensitive phone configuration information by leveraging use with an on-premise installation with Skype for Business."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-30T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-028.txt"
},
{
"name": "105746",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105746"
},
{
"name": "20181023 [SYSS-2018-028] information leakage with Polycom VVX Phones (Skype for Business, on-premise) - CVE-2018-18566",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2018/Oct/33"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18566",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SIP service in Polycom VVX 500 and 601 devices 5.8.0.12848 and earlier allow remote attackers to obtain sensitive phone configuration information by leveraging use with an on-premise installation with Skype for Business."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-028.txt",
"refsource": "MISC",
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-028.txt"
},
{
"name": "105746",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105746"
},
{
"name": "20181023 [SYSS-2018-028] information leakage with Polycom VVX Phones (Skype for Business, on-premise) - CVE-2018-18566",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2018/Oct/33"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-18566",
"datePublished": "2018-10-24T22:00:00",
"dateReserved": "2018-10-22T00:00:00",
"dateUpdated": "2024-08-05T11:15:59.629Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-18568 (GCVE-0-2018-18568)
Vulnerability from cvelistv5 – Published: 2018-10-24 22:00 – Updated: 2024-08-05 11:15
VLAI?
Summary
Polycom VVX 500 and 601 devices 5.8.0.12848 and earlier allows man-in-the-middle attackers to obtain sensitive credential information by leveraging failure to validate X.509 certificates when used with an on-premise installation with Skype for Business.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:15:59.735Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-027.txt"
},
{
"name": "20181023 [SYSS-2018-027] missing X.509 validation with Polycom VVX Phones (Skype for Business, on-premise) - CVE-2018-18568",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2018/Oct/36"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-10-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Polycom VVX 500 and 601 devices 5.8.0.12848 and earlier allows man-in-the-middle attackers to obtain sensitive credential information by leveraging failure to validate X.509 certificates when used with an on-premise installation with Skype for Business."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-24T21:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-027.txt"
},
{
"name": "20181023 [SYSS-2018-027] missing X.509 validation with Polycom VVX Phones (Skype for Business, on-premise) - CVE-2018-18568",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2018/Oct/36"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18568",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Polycom VVX 500 and 601 devices 5.8.0.12848 and earlier allows man-in-the-middle attackers to obtain sensitive credential information by leveraging failure to validate X.509 certificates when used with an on-premise installation with Skype for Business."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-027.txt",
"refsource": "MISC",
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-027.txt"
},
{
"name": "20181023 [SYSS-2018-027] missing X.509 validation with Polycom VVX Phones (Skype for Business, on-premise) - CVE-2018-18568",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2018/Oct/36"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-18568",
"datePublished": "2018-10-24T22:00:00",
"dateReserved": "2018-10-22T00:00:00",
"dateUpdated": "2024-08-05T11:15:59.735Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-12857 (GCVE-0-2017-12857)
Vulnerability from cvelistv5 – Published: 2017-08-25 19:00 – Updated: 2024-08-05 18:51
VLAI?
Summary
Polycom SoundStation IP, VVX, and RealPresence Trio that are running software older than UCS 4.0.12, 5.4.5 rev AG, 5.4.7, 5.5.2, or 5.6.0 are affected by a vulnerability in their UCS web application. This vulnerability could allow an authenticated remote attacker to read a segment of the phone's memory which could contain an administrator's password or other sensitive information.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:51:06.775Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1039309",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039309"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.polycom.com/content/dam/polycom-support/global/documentation/security-advisory-information-disclosure-on-polycom-voice-products-v1.0.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-08-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Polycom SoundStation IP, VVX, and RealPresence Trio that are running software older than UCS 4.0.12, 5.4.5 rev AG, 5.4.7, 5.5.2, or 5.6.0 are affected by a vulnerability in their UCS web application. This vulnerability could allow an authenticated remote attacker to read a segment of the phone\u0027s memory which could contain an administrator\u0027s password or other sensitive information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-12T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1039309",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039309"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.polycom.com/content/dam/polycom-support/global/documentation/security-advisory-information-disclosure-on-polycom-voice-products-v1.0.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-12857",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Polycom SoundStation IP, VVX, and RealPresence Trio that are running software older than UCS 4.0.12, 5.4.5 rev AG, 5.4.7, 5.5.2, or 5.6.0 are affected by a vulnerability in their UCS web application. This vulnerability could allow an authenticated remote attacker to read a segment of the phone\u0027s memory which could contain an administrator\u0027s password or other sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1039309",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039309"
},
{
"name": "http://support.polycom.com/content/dam/polycom-support/global/documentation/security-advisory-information-disclosure-on-polycom-voice-products-v1.0.pdf",
"refsource": "CONFIRM",
"url": "http://support.polycom.com/content/dam/polycom-support/global/documentation/security-advisory-information-disclosure-on-polycom-voice-products-v1.0.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-12857",
"datePublished": "2017-08-25T19:00:00",
"dateReserved": "2017-08-15T00:00:00",
"dateUpdated": "2024-08-05T18:51:06.775Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-12948 (GCVE-0-2019-12948)
Vulnerability from nvd – Published: 2019-07-29 15:16 – Updated: 2024-08-04 23:32
VLAI?
Summary
A vulnerability in the web-based management interface of VVX, Trio, SoundStructure, SoundPoint, and SoundStation phones running Polycom UC Software, if exploited, could allow an authenticated, remote attacker with admin privileges to cause a denial of service (DoS) condition or execute arbitrary code.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:32:55.646Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.polycom.com/content/dam/polycom-support/global/documentation/remote-code-execution-vulnerability-in-ucs-software-v1-1.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of VVX, Trio, SoundStructure, SoundPoint, and SoundStation phones running Polycom UC Software, if exploited, could allow an authenticated, remote attacker with admin privileges to cause a denial of service (DoS) condition or execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-02T20:40:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.polycom.com/content/dam/polycom-support/global/documentation/remote-code-execution-vulnerability-in-ucs-software-v1-1.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12948",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the web-based management interface of VVX, Trio, SoundStructure, SoundPoint, and SoundStation phones running Polycom UC Software, if exploited, could allow an authenticated, remote attacker with admin privileges to cause a denial of service (DoS) condition or execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.polycom.com/content/dam/polycom-support/global/documentation/remote-code-execution-vulnerability-in-ucs-software-v1-1.pdf",
"refsource": "CONFIRM",
"url": "https://support.polycom.com/content/dam/polycom-support/global/documentation/remote-code-execution-vulnerability-in-ucs-software-v1-1.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-12948",
"datePublished": "2019-07-29T15:16:41",
"dateReserved": "2019-06-24T00:00:00",
"dateUpdated": "2024-08-04T23:32:55.646Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-10689 (GCVE-0-2019-10689)
Vulnerability from nvd – Published: 2019-06-24 21:10 – Updated: 2024-08-04 22:32
VLAI?
Summary
VVX products using UCS software version 5.9.2 and earlier with Better Together over Ethernet Connector (BToE) application version 3.9.1 and earlier provides insufficient authentication between the BToE application and the BToE component, resulting in leakage of sensitive information.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:32:01.063Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "108799",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/108799"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.polycom.com/content/dam/polycom-support/global/documentation/insufficient-authentication-leakage-vvx-products.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-06-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "VVX products using UCS software version 5.9.2 and earlier with Better Together over Ethernet Connector (BToE) application version 3.9.1 and earlier provides insufficient authentication between the BToE application and the BToE component, resulting in leakage of sensitive information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-24T21:11:17",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "108799",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/108799"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.polycom.com/content/dam/polycom-support/global/documentation/insufficient-authentication-leakage-vvx-products.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-10689",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VVX products using UCS software version 5.9.2 and earlier with Better Together over Ethernet Connector (BToE) application version 3.9.1 and earlier provides insufficient authentication between the BToE application and the BToE component, resulting in leakage of sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "108799",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/108799"
},
{
"name": "https://support.polycom.com/content/dam/polycom-support/global/documentation/insufficient-authentication-leakage-vvx-products.pdf",
"refsource": "CONFIRM",
"url": "https://support.polycom.com/content/dam/polycom-support/global/documentation/insufficient-authentication-leakage-vvx-products.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-10689",
"datePublished": "2019-06-24T21:10:20",
"dateReserved": "2019-04-01T00:00:00",
"dateUpdated": "2024-08-04T22:32:01.063Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-10688 (GCVE-0-2019-10688)
Vulnerability from nvd – Published: 2019-04-23 20:58 – Updated: 2024-08-04 22:32
VLAI?
Summary
VVX products with software versions including and prior to, UCS 5.9.2 with Better Together over Ethernet Connector (BToE) application 3.9.1, use hard-coded credentials to establish connections between the host application and the device.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:32:01.168Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.polycom.com/content/dam/polycom-support/global/documentation/hard-coded-credentials-vulnerability-in-vvx-products.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-04-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "VVX products with software versions including and prior to, UCS 5.9.2 with Better Together over Ethernet Connector (BToE) application 3.9.1, use hard-coded credentials to establish connections between the host application and the device."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-17T15:35:35",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.polycom.com/content/dam/polycom-support/global/documentation/hard-coded-credentials-vulnerability-in-vvx-products.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-10688",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VVX products with software versions including and prior to, UCS 5.9.2 with Better Together over Ethernet Connector (BToE) application 3.9.1, use hard-coded credentials to establish connections between the host application and the device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.polycom.com/content/dam/polycom-support/global/documentation/hard-coded-credentials-vulnerability-in-vvx-products.pdf",
"refsource": "CONFIRM",
"url": "https://support.polycom.com/content/dam/polycom-support/global/documentation/hard-coded-credentials-vulnerability-in-vvx-products.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-10688",
"datePublished": "2019-04-23T20:58:29",
"dateReserved": "2019-04-01T00:00:00",
"dateUpdated": "2024-08-04T22:32:01.168Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-18566 (GCVE-0-2018-18566)
Vulnerability from nvd – Published: 2018-10-24 22:00 – Updated: 2024-08-05 11:15
VLAI?
Summary
The SIP service in Polycom VVX 500 and 601 devices 5.8.0.12848 and earlier allow remote attackers to obtain sensitive phone configuration information by leveraging use with an on-premise installation with Skype for Business.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:15:59.629Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-028.txt"
},
{
"name": "105746",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105746"
},
{
"name": "20181023 [SYSS-2018-028] information leakage with Polycom VVX Phones (Skype for Business, on-premise) - CVE-2018-18566",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2018/Oct/33"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-10-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The SIP service in Polycom VVX 500 and 601 devices 5.8.0.12848 and earlier allow remote attackers to obtain sensitive phone configuration information by leveraging use with an on-premise installation with Skype for Business."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-30T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-028.txt"
},
{
"name": "105746",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105746"
},
{
"name": "20181023 [SYSS-2018-028] information leakage with Polycom VVX Phones (Skype for Business, on-premise) - CVE-2018-18566",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2018/Oct/33"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18566",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SIP service in Polycom VVX 500 and 601 devices 5.8.0.12848 and earlier allow remote attackers to obtain sensitive phone configuration information by leveraging use with an on-premise installation with Skype for Business."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-028.txt",
"refsource": "MISC",
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-028.txt"
},
{
"name": "105746",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105746"
},
{
"name": "20181023 [SYSS-2018-028] information leakage with Polycom VVX Phones (Skype for Business, on-premise) - CVE-2018-18566",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2018/Oct/33"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-18566",
"datePublished": "2018-10-24T22:00:00",
"dateReserved": "2018-10-22T00:00:00",
"dateUpdated": "2024-08-05T11:15:59.629Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-18568 (GCVE-0-2018-18568)
Vulnerability from nvd – Published: 2018-10-24 22:00 – Updated: 2024-08-05 11:15
VLAI?
Summary
Polycom VVX 500 and 601 devices 5.8.0.12848 and earlier allows man-in-the-middle attackers to obtain sensitive credential information by leveraging failure to validate X.509 certificates when used with an on-premise installation with Skype for Business.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:15:59.735Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-027.txt"
},
{
"name": "20181023 [SYSS-2018-027] missing X.509 validation with Polycom VVX Phones (Skype for Business, on-premise) - CVE-2018-18568",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2018/Oct/36"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-10-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Polycom VVX 500 and 601 devices 5.8.0.12848 and earlier allows man-in-the-middle attackers to obtain sensitive credential information by leveraging failure to validate X.509 certificates when used with an on-premise installation with Skype for Business."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-24T21:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-027.txt"
},
{
"name": "20181023 [SYSS-2018-027] missing X.509 validation with Polycom VVX Phones (Skype for Business, on-premise) - CVE-2018-18568",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2018/Oct/36"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18568",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Polycom VVX 500 and 601 devices 5.8.0.12848 and earlier allows man-in-the-middle attackers to obtain sensitive credential information by leveraging failure to validate X.509 certificates when used with an on-premise installation with Skype for Business."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-027.txt",
"refsource": "MISC",
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-027.txt"
},
{
"name": "20181023 [SYSS-2018-027] missing X.509 validation with Polycom VVX Phones (Skype for Business, on-premise) - CVE-2018-18568",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2018/Oct/36"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-18568",
"datePublished": "2018-10-24T22:00:00",
"dateReserved": "2018-10-22T00:00:00",
"dateUpdated": "2024-08-05T11:15:59.735Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-12857 (GCVE-0-2017-12857)
Vulnerability from nvd – Published: 2017-08-25 19:00 – Updated: 2024-08-05 18:51
VLAI?
Summary
Polycom SoundStation IP, VVX, and RealPresence Trio that are running software older than UCS 4.0.12, 5.4.5 rev AG, 5.4.7, 5.5.2, or 5.6.0 are affected by a vulnerability in their UCS web application. This vulnerability could allow an authenticated remote attacker to read a segment of the phone's memory which could contain an administrator's password or other sensitive information.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:51:06.775Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1039309",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039309"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.polycom.com/content/dam/polycom-support/global/documentation/security-advisory-information-disclosure-on-polycom-voice-products-v1.0.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-08-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Polycom SoundStation IP, VVX, and RealPresence Trio that are running software older than UCS 4.0.12, 5.4.5 rev AG, 5.4.7, 5.5.2, or 5.6.0 are affected by a vulnerability in their UCS web application. This vulnerability could allow an authenticated remote attacker to read a segment of the phone\u0027s memory which could contain an administrator\u0027s password or other sensitive information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-12T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1039309",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039309"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.polycom.com/content/dam/polycom-support/global/documentation/security-advisory-information-disclosure-on-polycom-voice-products-v1.0.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-12857",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Polycom SoundStation IP, VVX, and RealPresence Trio that are running software older than UCS 4.0.12, 5.4.5 rev AG, 5.4.7, 5.5.2, or 5.6.0 are affected by a vulnerability in their UCS web application. This vulnerability could allow an authenticated remote attacker to read a segment of the phone\u0027s memory which could contain an administrator\u0027s password or other sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1039309",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039309"
},
{
"name": "http://support.polycom.com/content/dam/polycom-support/global/documentation/security-advisory-information-disclosure-on-polycom-voice-products-v1.0.pdf",
"refsource": "CONFIRM",
"url": "http://support.polycom.com/content/dam/polycom-support/global/documentation/security-advisory-information-disclosure-on-polycom-voice-products-v1.0.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-12857",
"datePublished": "2017-08-25T19:00:00",
"dateReserved": "2017-08-15T00:00:00",
"dateUpdated": "2024-08-05T18:51:06.775Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}