VAR-201708-1101
Vulnerability from variot - Updated: 2023-12-18 12:44Polycom SoundStation IP, VVX, and RealPresence Trio that are running software older than UCS 4.0.12, 5.4.5 rev AG, 5.4.7, 5.5.2, or 5.6.0 are affected by a vulnerability in their UCS web application. This vulnerability could allow an authenticated remote attacker to read a segment of the phone's memory which could contain an administrator's password or other sensitive information. Polycom UCS Contains an information disclosure vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. PolycomSoundStationIP, VVX and RealPresenceTrio are products of Polycom Corporation of the United States. PolycomSoundStationIP is an IP phone; VVX is a video conferencing phone; RealPresenceTrio is a smart multimedia device. An information disclosure vulnerability exists in UCS in PolycomSoundStationIP, VVX, and RealPresenceTrio
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201708-1101",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "unified communications software",
"scope": "lte",
"trust": 1.0,
"vendor": "polycom",
"version": "4.0.11"
},
{
"model": "unified communications software",
"scope": "lte",
"trust": 1.0,
"vendor": "polycom",
"version": "5.4.4"
},
{
"model": "unified communications software",
"scope": "lte",
"trust": 1.0,
"vendor": "polycom",
"version": "5.5.1"
},
{
"model": "unified communications software",
"scope": "lte",
"trust": 1.0,
"vendor": "polycom",
"version": "5.4.6"
},
{
"model": "unified communications software",
"scope": null,
"trust": 0.8,
"vendor": "polycom",
"version": null
},
{
"model": "\u003cucs",
"scope": "eq",
"trust": 0.6,
"vendor": "polycom",
"version": "vvx4.0.12"
},
{
"model": "rev ag",
"scope": "eq",
"trust": 0.6,
"vendor": "polycom",
"version": "vvx\u003c5.4.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "polycom",
"version": "vvx\u003c5.4.7"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "polycom",
"version": "vvx\u003c5.5.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "polycom",
"version": "vvx\u003c5.6.0"
},
{
"model": "realpresence trio \u003cucs",
"scope": "eq",
"trust": 0.6,
"vendor": "polycom",
"version": "4.0.12"
},
{
"model": "realpresence trio rev ag",
"scope": "lt",
"trust": 0.6,
"vendor": "polycom",
"version": "5.4.5"
},
{
"model": "realpresence trio",
"scope": "lt",
"trust": 0.6,
"vendor": "polycom",
"version": "5.4.7"
},
{
"model": "realpresence trio",
"scope": "lt",
"trust": 0.6,
"vendor": "polycom",
"version": "5.5.2"
},
{
"model": "realpresence trio",
"scope": "lt",
"trust": 0.6,
"vendor": "polycom",
"version": "5.6.0"
},
{
"model": "soundstation ip rev ag",
"scope": "lt",
"trust": 0.6,
"vendor": "polycom",
"version": "5.4.5"
},
{
"model": "soundstation ip \u003cucs",
"scope": "eq",
"trust": 0.6,
"vendor": "polycom",
"version": "4.0.12"
},
{
"model": "soundstation ip",
"scope": "lt",
"trust": 0.6,
"vendor": "polycom",
"version": "5.4.7"
},
{
"model": "soundstation ip",
"scope": "lt",
"trust": 0.6,
"vendor": "polycom",
"version": "5.5.2"
},
{
"model": "soundstation ip",
"scope": "lt",
"trust": 0.6,
"vendor": "polycom",
"version": "5.6.0"
},
{
"model": "unified communications software",
"scope": "eq",
"trust": 0.6,
"vendor": "polycom",
"version": "4.0.11"
},
{
"model": "unified communications software",
"scope": "eq",
"trust": 0.6,
"vendor": "polycom",
"version": "5.4.4"
},
{
"model": "unified communications software",
"scope": "eq",
"trust": 0.6,
"vendor": "polycom",
"version": "5.4.6"
},
{
"model": "unified communications software",
"scope": "eq",
"trust": 0.6,
"vendor": "polycom",
"version": "5.5.1"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-30594"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007687"
},
{
"db": "NVD",
"id": "CVE-2017-12857"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-627"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:polycom:unified_communications_software:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.0.11",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:polycom:soundstation_ip:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:polycom:unified_communications_software:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.4.6",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:polycom:unified_communications_software:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.5.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:polycom:vvx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:polycom:unified_communications_software:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.4.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:polycom:realpresence_trio:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-12857"
}
]
},
"cve": "CVE-2017-12857",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-12857",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CNVD-2017-30594",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-12857",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-12857",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2017-30594",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201708-627",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-30594"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007687"
},
{
"db": "NVD",
"id": "CVE-2017-12857"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-627"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Polycom SoundStation IP, VVX, and RealPresence Trio that are running software older than UCS 4.0.12, 5.4.5 rev AG, 5.4.7, 5.5.2, or 5.6.0 are affected by a vulnerability in their UCS web application. This vulnerability could allow an authenticated remote attacker to read a segment of the phone\u0027s memory which could contain an administrator\u0027s password or other sensitive information. Polycom UCS Contains an information disclosure vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. PolycomSoundStationIP, VVX and RealPresenceTrio are products of Polycom Corporation of the United States. PolycomSoundStationIP is an IP phone; VVX is a video conferencing phone; RealPresenceTrio is a smart multimedia device. An information disclosure vulnerability exists in UCS in PolycomSoundStationIP, VVX, and RealPresenceTrio",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-12857"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007687"
},
{
"db": "CNVD",
"id": "CNVD-2017-30594"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-12857",
"trust": 3.0
},
{
"db": "SECTRACK",
"id": "1039309",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007687",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2017-30594",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201708-627",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-30594"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007687"
},
{
"db": "NVD",
"id": "CVE-2017-12857"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-627"
}
]
},
"id": "VAR-201708-1101",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-30594"
}
],
"trust": 0.97301587
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-30594"
}
]
},
"last_update_date": "2023-12-18T12:44:28.030000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security Advisory Relating to Information Disclosure Vulnerability on Polycom UCS-Based Products",
"trust": 0.8,
"url": "http://support.polycom.com/content/dam/polycom-support/global/documentation/security-advisory-information-disclosure-on-polycom-voice-products-v1.0.pdf"
},
{
"title": "Patch for PolycomSoundStationIP, VVX, and RealPresenceTrioUCS Information Disclosure Vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/103969"
},
{
"title": "Polycom SoundStation IP , VVX and RealPresence Trio UCS Repair measures for information disclosure vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=74004"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-30594"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007687"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-627"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-007687"
},
{
"db": "NVD",
"id": "CVE-2017-12857"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "http://support.polycom.com/content/dam/polycom-support/global/documentation/security-advisory-information-disclosure-on-polycom-voice-products-v1.0.pdf"
},
{
"trust": 1.0,
"url": "http://www.securitytracker.com/id/1039309"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12857"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-12857"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-30594"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007687"
},
{
"db": "NVD",
"id": "CVE-2017-12857"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-627"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-30594"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007687"
},
{
"db": "NVD",
"id": "CVE-2017-12857"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-627"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-10-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-30594"
},
{
"date": "2017-09-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-007687"
},
{
"date": "2017-08-25T19:29:00.270000",
"db": "NVD",
"id": "CVE-2017-12857"
},
{
"date": "2017-08-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-627"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-10-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-30594"
},
{
"date": "2017-09-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-007687"
},
{
"date": "2017-09-13T01:29:08.583000",
"db": "NVD",
"id": "CVE-2017-12857"
},
{
"date": "2017-08-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-627"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-627"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Polycom UCS Vulnerable to information disclosure",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-007687"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-627"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…