PT-2017-12731 · Polycom · Polycom Vvx+2
Published
2017-08-25
·
Updated
2017-09-13
·
CVE-2017-12857
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Polycom SoundStation IP, VVX, and RealPresence Trio versions prior to UCS 4.0.12
Polycom SoundStation IP, VVX, and RealPresence Trio versions prior to 5.4.5 rev AG
Polycom SoundStation IP, VVX, and RealPresence Trio versions prior to 5.4.7
Polycom SoundStation IP, VVX, and RealPresence Trio versions prior to 5.5.2
Polycom SoundStation IP, VVX, and RealPresence Trio versions prior to 5.6.0
Description
The issue affects the UCS web application, allowing an authenticated remote attacker to read a segment of the phone's memory. This could potentially expose an administrator's password or other sensitive information.
Recommendations
For versions prior to UCS 4.0.12, update to version 4.0.12 or later.
For versions prior to 5.4.5 rev AG, update to version 5.4.5 rev AG or later.
For versions prior to 5.4.7, update to version 5.4.7 or later.
For versions prior to 5.5.2, update to version 5.5.2 or later.
For versions prior to 5.6.0, update to version 5.6.0 or later.
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Polycom Realpresence Trio
Polycom Soundstation Ip
Polycom Vvx