PT-2017-12731 · Polycom · Polycom Vvx+2

Publicado

2017-08-25

Atualizado

2017-09-13

CVE-2017-12857

CVSS v3.1

8.8

Alta

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Polycom SoundStation IP, VVX, and RealPresence Trio versions prior to UCS 4.0.12 Polycom SoundStation IP, VVX, and RealPresence Trio versions prior to 5.4.5 rev AG Polycom SoundStation IP, VVX, and RealPresence Trio versions prior to 5.4.7 Polycom SoundStation IP, VVX, and RealPresence Trio versions prior to 5.5.2 Polycom SoundStation IP, VVX, and RealPresence Trio versions prior to 5.6.0

Description The issue affects the UCS web application, allowing an authenticated remote attacker to read a segment of the phone's memory. This could potentially expose an administrator's password or other sensitive information.

Recommendations For versions prior to UCS 4.0.12, update to version 4.0.12 or later. For versions prior to 5.4.5 rev AG, update to version 5.4.5 rev AG or later. For versions prior to 5.4.7, update to version 5.4.7 or later. For versions prior to 5.5.2, update to version 5.5.2 or later. For versions prior to 5.6.0, update to version 5.6.0 or later.

Correção

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200

Identificadores relacionados

CVE-2017-12857

Produtos afetados

Polycom Realpresence Trio

Polycom Soundstation Ip

Polycom Vvx

PT-2017-12731 · Polycom · Polycom Vvx+2

CVE-2017-12857

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4