PT-2019-11995 · Polycom · Polycom Vvx+2

Published

2019-06-24

Updated

2019-06-27

CVE-2019-10689

CVSS v3.1

6.5

Medium

Vector

AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Polycom VVX products using UCS software version 5.9.2 and earlier Polycom VVX products using Better Together over Ethernet Connector (BToE) application version 3.9.1 and earlier

Description The issue results in insufficient authentication between the BToE application and the BToE component, leading to leakage of sensitive information.

Recommendations For Polycom VVX products using UCS software version 5.9.2 and earlier, update the UCS software to a version later than 5.9.2. For Polycom VVX products using Better Together over Ethernet Connector (BToE) application version 3.9.1 and earlier, update the BToE application to a version later than 3.9.1.

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

CVE-2019-10689

Affected Products

Btoe

Polycom Vvx

Ucs

PT-2019-11995 · Polycom · Polycom Vvx+2

CVE-2019-10689

Weakness Enumeration

Related Identifiers

Affected Products

References · 4