CVE-2023-4467

Name of the Vulnerable Software and Affected Versions Poly Trio 8800 version 7.2.6.0019

Description A critical issue was found in the Test Automation Mode component of the Poly Trio 8800, which can be manipulated to create a backdoor. The attack can be launched on the physical device. Additionally, there is a vulnerability related to undocumented configuration commands in the Poly Lens Management Cloud Registration component of Poly Trio phones and acoustic systems for conference calls, which can allow an attacker to elevate their privileges.

Recommendations For Poly Trio 8800 version 7.2.6.0019, consider disabling the Test Automation Mode until a patch is available to prevent potential backdoor exploitation. Restrict access to the Poly Lens Management Cloud Registration component to minimize the risk of privilege elevation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.