Polycom: Security Vulnerabilities
An issue was discovered in Polycom Group Series 6.1.6.1 and earlier, HDX 3.1.12 and earlier, and Pano 1.1.1 and earlier. A remote code execution vulnerability exists in the content sharing functionality because of a Buffer Overflow via crafted packets.
CVSS Score
9.8
EPSS Score
0.016
Published
2019-05-13
VVX products with software versions including and prior to, UCS 5.9.2 with Better Together over Ethernet Connector (BToE) application 3.9.1, use hard-coded credentials to establish connections between the host application and the device.
CVSS Score
6.8
EPSS Score
0.001
Published
2019-04-23
The Bluetooth subsystem on Polycom Trio devices with software before 5.5.4 has Incorrect Access Control. An attacker can connect without authentication and subsequently record audio from the device microphone.
CVSS Score
6.5
EPSS Score
0.001
Published
2018-11-15
The Web administration console on Polycom Trio devices with software before 5.5.4 has XSS.
CVSS Score
6.1
EPSS Score
0.003
Published
2018-11-15
The SIP service in Polycom VVX 500 and 601 devices 5.8.0.12848 and earlier allow remote attackers to obtain sensitive phone configuration information by leveraging use with an on-premise installation with Skype for Business.
CVSS Score
5.3
EPSS Score
0.004
Published
2018-10-24
Polycom VVX 500 and 601 devices 5.8.0.12848 and earlier allows man-in-the-middle attackers to obtain sensitive credential information by leveraging failure to validate X.509 certificates when used with an on-premise installation with Skype for Business.
CVSS Score
5.9
EPSS Score
0.001
Published
2018-10-24
Polycom RealPresence Web Suite before 2.2.0 does not block a user's video for a few seconds upon joining a meeting (when the user has explicitly chosen to turn off the video using a specific option). During those seconds, a meeting invitee may unknowingly be on camera with other participants able to view.
CVSS Score
7.5
EPSS Score
0.003
Published
2018-06-20
Stored XSS exists on Polycom QDX 6000 devices.
CVSS Score
6.1
EPSS Score
0.003
Published
2018-03-07
CSRF exists on Polycom QDX 6000 devices.
CVSS Score
8.8
EPSS Score
0.002
Published
2018-03-07
Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows local users to have unspecified impact via vectors related to weak passwords.
CVSS Score
7.8
EPSS Score
0.005
Published
2017-09-19