VAR-201810-0185
Vulnerability from variot - Updated: 2023-12-18 13:08
The SIP service in Polycom VVX 500 and 601 devices 5.8.0.12848 and earlier allows remote attackers to obtain sensitive phone configuration information by leveraging the devices' use with an on-premise installation of Skype for Business. Polycom VVX 500 and 601 devices contain an information disclosure vulnerability. Information may be obtained. Polycom VVX is prone to an information-disclosure vulnerability. An attacker can exploit this issue to obtain sensitive information that may aid in further attacks. Polycom VVX 500/601 versions 5.8.0.12848 and prior are vulnerable. Polycom VVX 500 and 601 are IP telephone products from the American company Polycom. The SIP service is one of the devices' SIP (Session Initiation Protocol) services. The SIP service in Polycom VVX 500 and 601 5.8.0.12848 and earlier versions has a security vulnerability.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201810-0185",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "vvx 500",
"scope": "eq",
"trust": 1.6,
"vendor": "polycom",
"version": null
},
{
"model": "vvx 601",
"scope": "eq",
"trust": 1.6,
"vendor": "polycom",
"version": null
},
{
"model": "unified communications software",
"scope": "lte",
"trust": 1.0,
"vendor": "polycom",
"version": "5.8.0.12848"
},
{
"model": "vvx 500",
"scope": "lte",
"trust": 0.8,
"vendor": "polycom",
"version": "5.8.0.12848"
},
{
"model": "vvx 601",
"scope": "lte",
"trust": 0.8,
"vendor": "polycom",
"version": "5.8.0.12848"
},
{
"model": "unified communications software",
"scope": null,
"trust": 0.8,
"vendor": "polycom",
"version": null
},
{
"model": "uc software",
"scope": "eq",
"trust": 0.6,
"vendor": "polycom",
"version": "5.8.0.12848"
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "vvx6015.8"
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "vvx6015.7"
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "vvx6015.6"
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "vvx6015.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "vvx6015.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "vvx6015.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "vvx6015.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "vvx6015.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "vvx6015.8.0.12848"
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "vvx6015.4.0.10182"
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "vvx5005.8"
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "vvx5005.7"
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "vvx5005.6"
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "vvx5005.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "vvx5005.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "vvx5005.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "vvx5005.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "vvx5005.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "vvx5005.8.0.12848"
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "vvx5005.4.0.10182"
}
],
"sources": [
{
"db": "BID",
"id": "105746"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011333"
},
{
"db": "NVD",
"id": "CVE-2018-18566"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1237"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:polycom:unified_communications_software:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.8.0.12848",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:polycom:vvx_601_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:polycom:vvx_601:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:polycom:vvx_500_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:polycom:vvx_500:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-18566"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Micha Borrmann (SySS GmbH)",
"sources": [
{
"db": "BID",
"id": "105746"
}
],
"trust": 0.3
},
"cve": "CVE-2018-18566",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-18566",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-129138",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2018-18566",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-18566",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201810-1237",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-129138",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-129138"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011333"
},
{
"db": "NVD",
"id": "CVE-2018-18566"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1237"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The SIP service in Polycom VVX 500 and 601 devices 5.8.0.12848 and earlier allows remote attackers to obtain sensitive phone configuration information by leveraging the devices' use with an on-premise installation of Skype for Business. Polycom VVX 500 and 601 devices contain an information disclosure vulnerability. Information may be obtained. Polycom VVX is prone to an information-disclosure vulnerability. \nAn attacker can exploit this issue to obtain sensitive information that may aid in further attacks. \nPolycom VVX 500/601 versions 5.8.0.12848 and prior are vulnerable. Polycom VVX 500 and 601 are IP telephone products from the American company Polycom. The SIP service is one of the devices' SIP (Session Initiation Protocol) services. The SIP service in Polycom VVX 500 and 601 5.8.0.12848 and earlier versions has a security vulnerability.",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-18566"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011333"
},
{
"db": "BID",
"id": "105746"
},
{
"db": "VULHUB",
"id": "VHN-129138"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-18566",
"trust": 2.8
},
{
"db": "BID",
"id": "105746",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011333",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1237",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "149944",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-129138",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-129138"
},
{
"db": "BID",
"id": "105746"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011333"
},
{
"db": "NVD",
"id": "CVE-2018-18566"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1237"
}
]
},
"id": "VAR-201810-0185",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-129138"
}
],
"trust": 0.47019232
},
"last_update_date": "2023-12-18T13:08:17.320000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Polycom UC Software",
"trust": 0.8,
"url": "http://www.polycom.com/voice-conferencing-solutions/uc-software.html"
},
{
"title": "Polycom VVX 500",
"trust": 0.8,
"url": "https://support.polycom.com/content/support/emea/emea/en/support/voice/business-media-phones/vvx500.html"
},
{
"title": "Polycom VVX 601",
"trust": 0.8,
"url": "https://support.polycom.com/content/support/emea/emea/en/support/voice/business-media-phones/vvx601.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-011333"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-129138"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011333"
},
{
"db": "NVD",
"id": "CVE-2018-18566"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.syss.de/fileadmin/dokumente/publikationen/advisories/syss-2018-028.txt"
},
{
"trust": 2.0,
"url": "https://seclists.org/bugtraq/2018/oct/33"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/105746"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-18566"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-18566"
},
{
"trust": 0.3,
"url": "http://www.polycom.co.in/products-services/voice/desktop-solutions/realpresence-desktop-vvx-business-media-phones.html"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-129138"
},
{
"db": "BID",
"id": "105746"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011333"
},
{
"db": "NVD",
"id": "CVE-2018-18566"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1237"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-129138"
},
{
"db": "BID",
"id": "105746"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011333"
},
{
"db": "NVD",
"id": "CVE-2018-18566"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1237"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-24T00:00:00",
"db": "VULHUB",
"id": "VHN-129138"
},
{
"date": "2018-10-23T00:00:00",
"db": "BID",
"id": "105746"
},
{
"date": "2019-01-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-011333"
},
{
"date": "2018-10-24T22:29:01.510000",
"db": "NVD",
"id": "CVE-2018-18566"
},
{
"date": "2018-10-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201810-1237"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-12-06T00:00:00",
"db": "VULHUB",
"id": "VHN-129138"
},
{
"date": "2018-10-23T00:00:00",
"db": "BID",
"id": "105746"
},
{
"date": "2019-01-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-011333"
},
{
"date": "2021-06-15T15:04:36.357000",
"db": "NVD",
"id": "CVE-2018-18566"
},
{
"date": "2021-06-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201810-1237"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201810-1237"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Information disclosure vulnerability in Polycom VVX 500 and 601 devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-011333"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201810-1237"
}
],
"trust": 0.6
}
}