Vulnerability Details CVE-2017-12857
Polycom SoundStation IP, VVX, and RealPresence Trio that are running software older than UCS 4.0.12, 5.4.5 rev AG, 5.4.7, 5.5.2, or 5.6.0 are affected by a vulnerability in their UCS web application. This vulnerability could allow an authenticated remote attacker to read a segment of the phone's memory which could contain an administrator's password or other sensitive information.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 60.1%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 4.0
References
- http://support.polycom.com/content/dam/polycom-support/global/documentation/security-advisory-information-disclosure-on-polycom-voice-products-v1.0.pdf
- http://www.securitytracker.com/id/1039309
- http://support.polycom.com/content/dam/polycom-support/global/documentation/security-advisory-information-disclosure-on-polycom-voice-products-v1.0.pdf
- http://www.securitytracker.com/id/1039309
Products affected by CVE-2017-12857
-
cpe:2.3:h:polycom:realpresence_trio:-
-
cpe:2.3:h:polycom:soundstation_ip:-
-
cpe:2.3:h:polycom:vvx:-
-
cpe:2.3:o:polycom:unified_communications_software:4.0.1
-
cpe:2.3:o:polycom:unified_communications_software:4.0.10
-
cpe:2.3:o:polycom:unified_communications_software:4.0.11
-
cpe:2.3:o:polycom:unified_communications_software:4.0.12
-
cpe:2.3:o:polycom:unified_communications_software:4.0.13
-
cpe:2.3:o:polycom:unified_communications_software:4.0.14.1580
-
cpe:2.3:o:polycom:unified_communications_software:4.0.2
-
cpe:2.3:o:polycom:unified_communications_software:4.0.5
-
cpe:2.3:o:polycom:unified_communications_software:4.0.6
-
cpe:2.3:o:polycom:unified_communications_software:4.0.7
-
cpe:2.3:o:polycom:unified_communications_software:4.0.8
-
cpe:2.3:o:polycom:unified_communications_software:4.0.9
-
cpe:2.3:o:polycom:unified_communications_software:4.1.6
-
cpe:2.3:o:polycom:unified_communications_software:4.1.7
-
cpe:2.3:o:polycom:unified_communications_software:4.1.8
-
cpe:2.3:o:polycom:unified_communications_software:5.0.1
-
cpe:2.3:o:polycom:unified_communications_software:5.0.2
-
cpe:2.3:o:polycom:unified_communications_software:5.1.1
-
cpe:2.3:o:polycom:unified_communications_software:5.1.2
-
cpe:2.3:o:polycom:unified_communications_software:5.1.3
-
cpe:2.3:o:polycom:unified_communications_software:5.2.0
-
cpe:2.3:o:polycom:unified_communications_software:5.2.3
-
cpe:2.3:o:polycom:unified_communications_software:5.2.4
-
cpe:2.3:o:polycom:unified_communications_software:5.2.5
-
cpe:2.3:o:polycom:unified_communications_software:5.3.0
-
cpe:2.3:o:polycom:unified_communications_software:5.3.1
-
cpe:2.3:o:polycom:unified_communications_software:5.3.2
-
cpe:2.3:o:polycom:unified_communications_software:5.3.3
-
cpe:2.3:o:polycom:unified_communications_software:5.4.0
-
cpe:2.3:o:polycom:unified_communications_software:5.4.0.10182
-
cpe:2.3:o:polycom:unified_communications_software:5.4.0.5841
-
cpe:2.3:o:polycom:unified_communications_software:5.4.1
-
cpe:2.3:o:polycom:unified_communications_software:5.4.2
-
cpe:2.3:o:polycom:unified_communications_software:5.4.3
-
cpe:2.3:o:polycom:unified_communications_software:5.4.4
-
cpe:2.3:o:polycom:unified_communications_software:5.4.5
-
cpe:2.3:o:polycom:unified_communications_software:5.4.6
-
cpe:2.3:o:polycom:unified_communications_software:5.4.7
-
cpe:2.3:o:polycom:unified_communications_software:5.5.0
-
cpe:2.3:o:polycom:unified_communications_software:5.5.1