Heyderandrade

Name of the Vulnerable Software and Affected Versions: Polycom Web Management Interface G3/HDX 8000 HD with Durango version 2.6.0 4740 Polycom Linux Development Platform version 2.14.g3 Description: The issue is related to a default blank administrative password in the Polycom Web Management Interface, which can be used without setting a password. Recommendations: For Polycom Web Management Interface G3/HDX 8000 HD with Durango version 2.6.0 4740, set a strong administrative password to prevent unauthorized access. For Polycom Linux Development Platform version 2.14.g3, configure a secure administrative password to mitigate the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Polycom HDX Video End Points versions prior to 3.0.4 Polycom UC APL versions prior to 2.7.1.J Description: The issue allows remote attackers to read arbitrary files via a .. (dot dot) in the `name` parameter of the a getlog.cgi endpoint. This is a directory traversal vulnerability. Recommendations: For Polycom HDX Video End Points versions prior to 3.0.4, update to version 3.0.4 or later. For Polycom UC APL versions prior to 2.7.1.J, update to version 2.7.1.J or later. As a temporary workaround, consider restricting access to the a getlog.cgi endpoint until a patch is available. Avoid using the `name` parameter with .. (dot dot) sequences in the a getlog.cgi endpoint until the issue is resolved.