PT-2023-8565 · Poly · Poly Trio 8500+3
Christoph Wolff
+1
·
Published
2023-12-29
·
Updated
2024-05-17
·
CVE-2023-4468
CVSS v2.0
7.2
High
| Vector | AV:L/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Poly Trio 8500 version unknown
Poly Trio 8800 version unknown
Poly Trio C60 version unknown
Description
A vulnerability was found in the Poly Lens Management Cloud Registration component, affecting an unknown part of it. The manipulation leads to missing authorization, and it is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. This issue is related to deficiencies in the authorization procedure of the Poly Lens application interface for Poly Trio phones and acoustic systems for conference calls.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Missing Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Poly Lens
Poly Trio 8500
Poly Trio 8800
Poly Trio C60