PT-2018-14520 · Microsoft+1 · Skype For Business+2

Micha Borrmann

Published

2018-10-24

Updated

2021-06-15

CVE-2018-18566

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Polycom VVX 500 and 601 devices versions 5.8.0.12848 and earlier

Description The issue allows remote attackers to obtain sensitive phone configuration information by leveraging use with an on-premise installation with Skype for Business. This is related to the SIP service in the affected devices.

Recommendations For Polycom VVX 500 and 601 devices versions 5.8.0.12848 and earlier, update to a version later than 5.8.0.12848 to resolve the issue.

Exploit

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2018-18566

Affected Products

Polycom Vvx 500

Polycom Vvx 601

Skype For Business

PT-2018-14520 · Microsoft+1 · Skype For Business+2

CVE-2018-18566

Weakness Enumeration

Related Identifiers

Affected Products

References · 5