Polycom ViewStation before 7.2.4 has a default null password for the administrator account, which allows arbitrary users to conduct unauthorized activities.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| polycom | viewstation_h.323 | 6.5.1 |
| polycom | viewstation_512 | 6.5.1 |
| polycom | viewstation_v.35 | 7.2 |
| polycom | viewstation_128 | 7.2 |
| polycom | viewstation_fx_vs4000 | 4.1.5 |
| polycom | viewstation_mp | 7.2 |
| polycom | viewstation_dcp | 6.5.1 |
| polycom | viewstation_dcp | 7.2 |
| polycom | viewstation_128 | 6.5.1 |
| polycom | viewstation_sp_384 | 7.2 |
| polycom | viewstation_h.323 | 7.2 |
| polycom | viewstation_sp_384 | 6.5.1 |
| polycom | viewstation_512 | 7.2 |
| polycom | viewstation_v.35 | 6.5.1 |
| polycom | viewstation_mp | 6.5.1 |
The Web server for Polycom ViewStation before 7.2.4 allows remote attackers to bypass authentication and read files via Unicode encoded requests.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| polycom | viewstation_h.323 | 6.5.1 |
| polycom | viewstation_512 | 6.5.1 |
| polycom | viewstation_v.35 | 7.2 |
| polycom | viewstation_128 | 7.2 |
| polycom | viewstation_fx_vs4000 | 4.1.5 |
| polycom | viewstation_mp | 7.2 |
| polycom | viewstation_dcp | 6.5.1 |
| polycom | viewstation_dcp | 7.2 |
| polycom | viewstation_128 | 6.5.1 |
| polycom | viewstation_sp_384 | 7.2 |
| polycom | viewstation_h.323 | 7.2 |
| polycom | viewstation_sp_384 | 6.5.1 |
| polycom | viewstation_512 | 7.2 |
| polycom | viewstation_v.35 | 6.5.1 |
| polycom | viewstation_mp | 6.5.1 |
The Telnet service for Polycom ViewStation before 7.2.4 does not restrict the number of failed login attempts, which makes it easier for remote attackers to guess usernames and passwords via a brute force attack.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-307,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| polycom | viewstation_h.323 | 6.5.1 |
| polycom | viewstation_512 | 6.5.1 |
| polycom | viewstation_v.35 | 7.2 |
| polycom | viewstation_128 | 7.2 |
| polycom | viewstation_fx_vs4000 | 4.1.5 |
| polycom | viewstation_mp | 7.2 |
| polycom | viewstation_dcp | 6.5.1 |
| polycom | viewstation_dcp | 7.2 |
| polycom | viewstation_128 | 6.5.1 |
| polycom | viewstation_sp_384 | 7.2 |
| polycom | viewstation_h.323 | 7.2 |
| polycom | viewstation_sp_384 | 6.5.1 |
| polycom | viewstation_512 | 7.2 |
| polycom | viewstation_v.35 | 6.5.1 |
| polycom | viewstation_mp | 6.5.1 |
The Telnet service for Polycom ViewStation before 7.2.4 allows remote attackers to cause a denial of service (crash) via multiple connections to the server.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| polycom | viewstation_h.323 | 6.5.1 |
| polycom | viewstation_512 | 6.5.1 |
| polycom | viewstation_v.35 | 7.2 |
| polycom | viewstation_128 | 7.2 |
| polycom | viewstation_fx_vs4000 | 4.1.5 |
| polycom | viewstation_mp | 7.2 |
| polycom | viewstation_dcp | 6.5.1 |
| polycom | viewstation_dcp | 7.2 |
| polycom | viewstation_128 | 6.5.1 |
| polycom | viewstation_sp_384 | 7.2 |
| polycom | viewstation_h.323 | 7.2 |
| polycom | viewstation_sp_384 | 6.5.1 |
| polycom | viewstation_512 | 7.2 |
| polycom | viewstation_v.35 | 6.5.1 |
| polycom | viewstation_mp | 6.5.1 |
The Telnet service for Polycom ViewStation before 7.2.4 allows remote attackers to cause a denial of service (crash) via long or malformed ICMP packets.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| polycom | viewstation_h.323 | 6.5.1 |
| polycom | viewstation_512 | 6.5.1 |
| polycom | viewstation_v.35 | 7.2 |
| polycom | viewstation_128 | 7.2 |
| polycom | viewstation_fx_vs4000 | 4.1.5 |
| polycom | viewstation_mp | 7.2 |
| polycom | viewstation_dcp | 6.5.1 |
| polycom | viewstation_dcp | 7.2 |
| polycom | viewstation_128 | 6.5.1 |
| polycom | viewstation_sp_384 | 7.2 |
| polycom | viewstation_h.323 | 7.2 |
| polycom | viewstation_sp_384 | 6.5.1 |
| polycom | viewstation_512 | 7.2 |
| polycom | viewstation_v.35 | 6.5.1 |
| polycom | viewstation_mp | 6.5.1 |
Buffer overflow in the web server of Polycom ViaVideo 2.2 and 3.0 allows remote attackers to cause a denial of service (crash) via a long HTTP GET request.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| polycom | viavideo | 3.0 |
| polycom | viavideo | 2.2 |
The web server for Polycom ViaVideo 2.2 and 3.0 allows remote attackers to cause a denial of service (CPU consumption) by sending incomplete HTTP requests and leaving the connections open.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| polycom | viavideo | 3.0 |
| polycom | viavideo | 2.2 |
Polycom MGC 25 allows remote attackers to cause a denial of service (crash) via a large number of "user" requests to the control port 5003, as demonstrated using the blast TCP stress tester.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| polycom | mgc-25 | 5.51.21 |
| polycom | mgc-50 | * |
| polycom | mgc-25 | 5.51.211 |
| polycom | mgc-100 | * |
Buffer overflow in the HTTP server on the Polycom SoundPoint IP 601 SIP phone with BootROM 3.0.x+ allows remote attackers to cause a denial of service (device reboot) via a malformed CGI parameter.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| polycom | soundpoint_ip_650 | bootrom_3.0.0 |
Buffer overflow in the Polycom SoundPoint IP 601 SIP phone with BootROM 3.0.x+ and SIP version 1.6.3.0067 allows remote attackers to cause a denial of service (device hang or reboot) via an INVITE message with a long Via header.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| polycom | soundpoint_ip_601 | 1.6.3.0067_bootrom_3.0.0 |
Directory traversal vulnerability in a_getlog.cgi in Polycom HDX Video End Points before 3.0.4 and UC APL before 2.7.1.J allows remote attackers to read arbitrary files via a .. (dot dot) in the name parameter.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| polycom | hdx_video_end_points | * |
| polycom | uc_apl | * |
Polycom HDX Video End Points before 3.0.4 and UC APL before 2.7.1.J allows remote authenticated users to execute arbitrary commands as demonstrated by a ; (semicolon) to the ping command feature.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-78,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| polycom | hdx_video_end_points | * |
| polycom | uc_apl | * |
An issue was discovered in Polycom Web Management Interface G3/HDX 8000 HD with Durango 2.6.0 4740 software and embedded Polycom Linux Development Platform 2.14.g3. It has a blank administrative password by default, and can be successfully used without setting this password.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-798,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| polycom | hdx_system_software | * |
Cross-site scripting (XSS) vulnerability in Polycom RealPresence CloudAXIS Suite before 1.7.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| polycom | realpresence_cloudaxis_suite | * |
Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows local users to have unspecified impact via vectors related to weak passwords.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-255,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| polycom | realpresence_resource_manager | * |
Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows remote authenticated users to obtain the installation path via an HTTP POST request to PlcmRmWeb/JConfigManager.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| polycom | realpresence_resource_manager | * |
Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows attackers to obtain sensitive information and potentially gain privileges by leveraging use of session identifiers as parameters with HTTP GET requests.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| polycom | realpresence_resource_manager | * |
Multiple directory traversal vulnerabilities in Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allow (1) remote authenticated users to read arbitrary files via a .. (dot dot) in the Modifier parameter to PlcmRmWeb/FileDownload; or remote authenticated administrators to upload arbitrary files via the (2) Filename or (3) SE_FNAME parameter to PlcmRmWeb/FileUpload or to read and remove arbitrary files via the (4) filePathName parameter in an importSipUriReservations SOAP request to PlcmRmWeb/JUserManager.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-255,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| polycom | realpresence_resource_manager | * |
Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows local users with access to the plcm account to gain privileges via a script in /var/polycom/cma/upgrade/scripts, related to a sudo misconfiguration.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| polycom | realpresence_resource_manager | * |
Polycom BToE Connector before 3.0.0 uses weak permissions (Everyone: Full Control) for "Program Files (x86)\polycom\polycom btoe connector\plcmbtoesrv.exe," which allows local users to gain privileges via a Trojan horse file.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-275,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| polycom | btoe_connector | * |
Polycom SoundStation IP, VVX, and RealPresence Trio that are running software older than UCS 4.0.12, 5.4.5 rev AG, 5.4.7, 5.5.2, or 5.6.0 are affected by a vulnerability in their UCS web application. This vulnerability could allow an authenticated remote attacker to read a segment of the phone's memory which could contain an administrator's password or other sensitive information.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| polycom | unified_communications_software | * |
An issue was discovered in versions earlier than 1.3.0-66872 for Polycom RealPresence Debut that allows attackers to arbitrarily read the admin user's password via the admin web UI.
CVSS 2.0
Severity: LOW
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| polycom | realpresence_debut_firmware | * |
An issue was discovered in versions earlier than 1.3.2 for Polycom RealPresence Debut where the admin cookie is reset only after a Debut is rebooted.
CVSS 2.0
Severity: LOW
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| polycom | realpresence_debut_firmware | * |
Polycom RealPresence Web Suite before 2.2.0 does not block a user's video for a few seconds upon joining a meeting (when the user has explicitly chosen to turn off the video using a specific option). During those seconds, a meeting invitee may unknowingly be on camera with other participants able to view.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| polycom | realpresence_web_suite | * |
The Bluetooth subsystem on Polycom Trio devices with software before 5.5.4 has Incorrect Access Control. An attacker can connect without authentication and subsequently record audio from the device microphone.
CVSS 2.0
Severity: LOW
Problem Type: CWE-732,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| polycom | trio_8500_firmware | * |
The Web administration console on Polycom Trio devices with software before 5.5.4 has XSS.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| polycom | trio_8500_firmware | * |
An issue was discovered in Polycom Group Series 6.1.6.1 and earlier, HDX 3.1.12 and earlier, and Pano 1.1.1 and earlier. A remote code execution vulnerability exists in the content sharing functionality because of a Buffer Overflow via crafted packets.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| polycom | hdx | * |
| polycom | group_series | * |
| polycom | pano | * |
The SIP service in Polycom VVX 500 and 601 devices 5.8.0.12848 and earlier allow remote attackers to obtain sensitive phone configuration information by leveraging use with an on-premise installation with Skype for Business.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 3.9 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| polycom | vvx_500_firmware | - |
| polycom | vvx_601_firmware | - |
| polycom | unified_communications_software | * |
Polycom VVX 500 and 601 devices 5.8.0.12848 and earlier allows man-in-the-middle attackers to obtain sensitive credential information by leveraging failure to validate X.509 certificates when used with an on-premise installation with Skype for Business.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.9 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N | 2.2 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-295,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| polycom | vvx_500_firmware | - |
| polycom | vvx_601_firmware | - |
| polycom | unified_communications_software | * |
Stored XSS exists on Polycom QDX 6000 devices.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| polycom | qdx_6000_firmware | - |
CSRF exists on Polycom QDX 6000 devices.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-352,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| polycom | qdx_6000_firmware | - |
VVX products with software versions including and prior to, UCS 5.9.2 with Better Together over Ethernet Connector (BToE) application 3.9.1, use hard-coded credentials to establish connections between the host application and the device.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-798,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| polycom | unified_communications_software | * |
| polycom | better_together_over_ethernet_connector | * |
VVX products using UCS software version 5.9.2 and earlier with Better Together over Ethernet Connector (BToE) application version 3.9.1 and earlier provides insufficient authentication between the BToE application and the BToE component, resulting in leakage of sensitive information.
CVSS 2.0
Severity: LOW
Problem Type: CWE-287,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| polycom | unified_communications_software | * |
| polycom | better_together_over_ethernet_connector | * |
An issue was discovered in Poly (formerly Polycom) HDX 3.1.13. A feature exists that allows the creation of a server / client certificate, or the upload of the user certificate, on the administrator's page. The value received from the user is the factor value of a shell script on the equipment. By entering a special character (such as a single quote) in a CN or other CSR field, one can insert a command into a factor value. A system command can be executed as root.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 1.2 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-78,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| polycom | hdx_system_software | * |
A vulnerability in the web-based management interface of VVX, Trio, SoundStructure, SoundPoint, and SoundStation phones running Polycom UC Software, if exploited, could allow an authenticated, remote attacker with admin privileges to cause a denial of service (DoS) condition or execute arbitrary code.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-749,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| polycom | united_communications_software | * |
| polycom | unified_communications_software | * |
On the Polycom Obihai Obi1022 VoIP phone with firmware 5.1.11, a command injection (missing input validation) issue in the NTP server IP address field for the "Time Service Settings web" interface allows an authenticated remote attacker in the same network to trigger OS commands via shell commands in a POST request.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-78,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| polycom | obihai_obi1022_firmware | 5.1.11 |
Poly VVX 400/410 5.3.1 allows low-privileged users to change the Admin password by modifying a POST parameter to 120 during the password reset process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| polycom | vvx_400_firmware | 5.3.1 |
| polycom | vvx_410_firmware | 5.3.1 |