MidnightBSD

Advisories for polycom

CVE-2002-0626 HIGH

Polycom ViewStation before 7.2.4 has a default null password for the administrator account, which allows arbitrary users to conduct unauthorized activities.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
polycom viewstation_h.323 6.5.1
polycom viewstation_512 6.5.1
polycom viewstation_v.35 7.2
polycom viewstation_128 7.2
polycom viewstation_fx_vs4000 4.1.5
polycom viewstation_mp 7.2
polycom viewstation_dcp 6.5.1
polycom viewstation_dcp 7.2
polycom viewstation_128 6.5.1
polycom viewstation_sp_384 7.2
polycom viewstation_h.323 7.2
polycom viewstation_sp_384 6.5.1
polycom viewstation_512 7.2
polycom viewstation_v.35 6.5.1
polycom viewstation_mp 6.5.1

CVE-2002-0627 HIGH

The Web server for Polycom ViewStation before 7.2.4 allows remote attackers to bypass authentication and read files via Unicode encoded requests.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
polycom viewstation_h.323 6.5.1
polycom viewstation_512 6.5.1
polycom viewstation_v.35 7.2
polycom viewstation_128 7.2
polycom viewstation_fx_vs4000 4.1.5
polycom viewstation_mp 7.2
polycom viewstation_dcp 6.5.1
polycom viewstation_dcp 7.2
polycom viewstation_128 6.5.1
polycom viewstation_sp_384 7.2
polycom viewstation_h.323 7.2
polycom viewstation_sp_384 6.5.1
polycom viewstation_512 7.2
polycom viewstation_v.35 6.5.1
polycom viewstation_mp 6.5.1

CVE-2002-0628 MEDIUM

The Telnet service for Polycom ViewStation before 7.2.4 does not restrict the number of failed login attempts, which makes it easier for remote attackers to guess usernames and passwords via a brute force attack.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-307

Products Affected

Vendor Product Version
polycom viewstation_h.323 6.5.1
polycom viewstation_512 6.5.1
polycom viewstation_v.35 7.2
polycom viewstation_128 7.2
polycom viewstation_fx_vs4000 4.1.5
polycom viewstation_mp 7.2
polycom viewstation_dcp 6.5.1
polycom viewstation_dcp 7.2
polycom viewstation_128 6.5.1
polycom viewstation_sp_384 7.2
polycom viewstation_h.323 7.2
polycom viewstation_sp_384 6.5.1
polycom viewstation_512 7.2
polycom viewstation_v.35 6.5.1
polycom viewstation_mp 6.5.1

CVE-2002-0629 MEDIUM

The Telnet service for Polycom ViewStation before 7.2.4 allows remote attackers to cause a denial of service (crash) via multiple connections to the server.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
polycom viewstation_h.323 6.5.1
polycom viewstation_512 6.5.1
polycom viewstation_v.35 7.2
polycom viewstation_128 7.2
polycom viewstation_fx_vs4000 4.1.5
polycom viewstation_mp 7.2
polycom viewstation_dcp 6.5.1
polycom viewstation_dcp 7.2
polycom viewstation_128 6.5.1
polycom viewstation_sp_384 7.2
polycom viewstation_h.323 7.2
polycom viewstation_sp_384 6.5.1
polycom viewstation_512 7.2
polycom viewstation_v.35 6.5.1
polycom viewstation_mp 6.5.1

CVE-2002-0630 MEDIUM

The Telnet service for Polycom ViewStation before 7.2.4 allows remote attackers to cause a denial of service (crash) via long or malformed ICMP packets.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
polycom viewstation_h.323 6.5.1
polycom viewstation_512 6.5.1
polycom viewstation_v.35 7.2
polycom viewstation_128 7.2
polycom viewstation_fx_vs4000 4.1.5
polycom viewstation_mp 7.2
polycom viewstation_dcp 6.5.1
polycom viewstation_dcp 7.2
polycom viewstation_128 6.5.1
polycom viewstation_sp_384 7.2
polycom viewstation_h.323 7.2
polycom viewstation_sp_384 6.5.1
polycom viewstation_512 7.2
polycom viewstation_v.35 6.5.1
polycom viewstation_mp 6.5.1

CVE-2002-1905 MEDIUM

Buffer overflow in the web server of Polycom ViaVideo 2.2 and 3.0 allows remote attackers to cause a denial of service (crash) via a long HTTP GET request.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
polycom viavideo 3.0
polycom viavideo 2.2

CVE-2002-1906 MEDIUM

The web server for Polycom ViaVideo 2.2 and 3.0 allows remote attackers to cause a denial of service (CPU consumption) by sending incomplete HTTP requests and leaving the connections open.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
polycom viavideo 3.0
polycom viavideo 2.2

CVE-2003-0556 MEDIUM

Polycom MGC 25 allows remote attackers to cause a denial of service (crash) via a large number of "user" requests to the control port 5003, as demonstrated using the blast TCP stress tester.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
polycom mgc-25 5.51.21
polycom mgc-50 *
polycom mgc-25 5.51.211
polycom mgc-100 *

CVE-2007-3368 HIGH

Buffer overflow in the HTTP server on the Polycom SoundPoint IP 601 SIP phone with BootROM 3.0.x+ allows remote attackers to cause a denial of service (device reboot) via a malformed CGI parameter.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
polycom soundpoint_ip_650 bootrom_3.0.0

CVE-2007-3369 HIGH

Buffer overflow in the Polycom SoundPoint IP 601 SIP phone with BootROM 3.0.x+ and SIP version 1.6.3.0067 allows remote attackers to cause a denial of service (device hang or reboot) via an INVITE message with a long Via header.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119

Products Affected

Vendor Product Version
polycom soundpoint_ip_601 1.6.3.0067_bootrom_3.0.0

CVE-2012-6609 MEDIUM

Directory traversal vulnerability in a_getlog.cgi in Polycom HDX Video End Points before 3.0.4 and UC APL before 2.7.1.J allows remote attackers to read arbitrary files via a .. (dot dot) in the name parameter.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22

Products Affected

Vendor Product Version
polycom hdx_video_end_points *
polycom uc_apl *

CVE-2012-6610 HIGH

Polycom HDX Video End Points before 3.0.4 and UC APL before 2.7.1.J allow remote authenticated users to execute arbitrary commands, as demonstrated by a ; (semicolon) to the ping command feature.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78

Products Affected

Vendor Product Version
polycom hdx_video_end_points *
polycom uc_apl *

CVE-2012-6611 HIGH

An issue was discovered in Polycom Web Management Interface G3/HDX 8000 HD with Durango 2.6.0 4740 software and embedded Polycom Linux Development Platform 2.14.g3. It has a blank administrative password by default, and can be successfully used without setting this password.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-798

Products Affected

Vendor Product Version
polycom hdx_system_software *

CVE-2015-1516 LOW

Cross-site scripting (XSS) vulnerability in Polycom RealPresence CloudAXIS Suite before 1.7.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79

Products Affected

Vendor Product Version
polycom realpresence_cloudaxis_suite *

CVE-2015-4681 HIGH

Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows local users to have unspecified impact via vectors related to weak passwords.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-255

Products Affected

Vendor Product Version
polycom realpresence_resource_manager *

CVE-2015-4682 MEDIUM

Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows remote authenticated users to obtain the installation path via an HTTP POST request to PlcmRmWeb/JConfigManager.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200

Products Affected

Vendor Product Version
polycom realpresence_resource_manager *

CVE-2015-4683 HIGH

Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows attackers to obtain sensitive information and potentially gain privileges by leveraging use of session identifiers as parameters with HTTP GET requests.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264

Products Affected

Vendor Product Version
polycom realpresence_resource_manager *

CVE-2015-4684 MEDIUM

Multiple directory traversal vulnerabilities in Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allow (1) remote authenticated users to read arbitrary files via a .. (dot dot) in the Modifier parameter to PlcmRmWeb/FileDownload; or remote authenticated administrators to upload arbitrary files via the (2) Filename or (3) SE_FNAME parameter to PlcmRmWeb/FileUpload or to read and remove arbitrary files via the (4) filePathName parameter in an importSipUriReservations SOAP request to PlcmRmWeb/JUserManager.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-255

Products Affected

Vendor Product Version
polycom realpresence_resource_manager *

CVE-2015-4685 MEDIUM

Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows local users with access to the plcm account to gain privileges via a script in /var/polycom/cma/upgrade/scripts, related to a sudo misconfiguration.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264

Products Affected

Vendor Product Version
polycom realpresence_resource_manager *

CVE-2015-8300 HIGH

Polycom BToE Connector before 3.0.0 uses weak permissions (Everyone: Full Control) for "Program Files (x86)\polycom\polycom btoe connector\plcmbtoesrv.exe," which allows local users to gain privileges via a Trojan horse file.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-275

Products Affected

Vendor Product Version
polycom btoe_connector *

CVE-2017-12857 MEDIUM

Polycom SoundStation IP, VVX, and RealPresence Trio that are running software older than UCS 4.0.12, 5.4.5 rev AG, 5.4.7, 5.5.2, or 5.6.0 are affected by a vulnerability in their UCS web application. This vulnerability could allow an authenticated remote attacker to read a segment of the phone's memory which could contain an administrator's password or other sensitive information.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200

Products Affected

Vendor Product Version
polycom unified_communications_software *

CVE-2018-10946 LOW

An issue was discovered in versions earlier than 1.3.0-66872 for Polycom RealPresence Debut that allows attackers to arbitrarily read the admin user's password via the admin web UI.

CVSS 2.0

Severity: LOW

Problem Type: CWE-200

Products Affected

Vendor Product Version
polycom realpresence_debut_firmware *

CVE-2018-10947 LOW

An issue was discovered in versions earlier than 1.3.2 for Polycom RealPresence Debut where the admin cookie is reset only after a Debut is rebooted.

CVSS 2.0

Severity: LOW

Problem Type: CWE-20

Products Affected

Vendor Product Version
polycom realpresence_debut_firmware *

CVE-2018-12592 MEDIUM

Polycom RealPresence Web Suite before 2.2.0 does not block a user's video for a few seconds upon joining a meeting (when the user has explicitly chosen to turn off the video using a specific option). During those seconds, a meeting invitee may unknowingly be on camera with other participants able to view.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200

Products Affected

Vendor Product Version
polycom realpresence_web_suite *

CVE-2018-14934 LOW

The Bluetooth subsystem on Polycom Trio devices with software before 5.5.4 has Incorrect Access Control. An attacker can connect without authentication and subsequently record audio from the device microphone.

CVSS 2.0

Severity: LOW

Problem Type: CWE-732

Products Affected

Vendor Product Version
polycom trio_8500_firmware *

CVE-2018-14935 MEDIUM

The Web administration console on Polycom Trio devices with software before 5.5.4 has XSS.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79

Products Affected

Vendor Product Version
polycom trio_8500_firmware *

CVE-2018-15128 HIGH

An issue was discovered in Polycom Group Series 6.1.6.1 and earlier, HDX 3.1.12 and earlier, and Pano 1.1.1 and earlier. A remote code execution vulnerability exists in the content sharing functionality because of a Buffer Overflow via crafted packets.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119

Products Affected

Vendor Product Version
polycom hdx *
polycom group_series *
polycom pano *

CVE-2018-18566 MEDIUM

The SIP service in Polycom VVX 500 and 601 devices 5.8.0.12848 and earlier allows remote attackers to obtain sensitive phone configuration information by leveraging use with an on-premise installation with Skype for Business.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200

Products Affected

Vendor Product Version
polycom vvx_500_firmware -
polycom vvx_601_firmware -
polycom unified_communications_software *

CVE-2018-18568 MEDIUM

Polycom VVX 500 and 601 devices 5.8.0.12848 and earlier allow man-in-the-middle attackers to obtain sensitive credential information by leveraging failure to validate X.509 certificates when used with an on-premise installation with Skype for Business.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-295

Products Affected

Vendor Product Version
polycom vvx_500_firmware -
polycom vvx_601_firmware -
polycom unified_communications_software *

CVE-2018-7564 MEDIUM

Stored XSS exists on Polycom QDX 6000 devices.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79

Products Affected

Vendor Product Version
polycom qdx_6000_firmware -

CVE-2018-7565 MEDIUM

CSRF exists on Polycom QDX 6000 devices.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352

Products Affected

Vendor Product Version
polycom qdx_6000_firmware -

CVE-2019-10688 MEDIUM

VVX products with software versions up to and including UCS 5.9.2 with Better Together over Ethernet Connector (BToE) application 3.9.1 use hard-coded credentials to establish connections between the host application and the device.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-798

Products Affected

Vendor Product Version
polycom unified_communications_software *
polycom better_together_over_ethernet_connector *

CVE-2019-10689 LOW

VVX products using UCS software version 5.9.2 and earlier with Better Together over Ethernet Connector (BToE) application version 3.9.1 and earlier provide insufficient authentication between the BToE application and the BToE component, resulting in leakage of sensitive information.

CVSS 2.0

Severity: LOW

Problem Type: CWE-287

Products Affected

Vendor Product Version
polycom unified_communications_software *
polycom better_together_over_ethernet_connector *

CVE-2019-11355 HIGH

An issue was discovered in Poly (formerly Polycom) HDX 3.1.13. A feature exists that allows the creation of a server / client certificate, or the upload of the user certificate, on the administrator's page. The value received from the user is the factor value of a shell script on the equipment. By entering a special character (such as a single quote) in a CN or other CSR field, one can insert a command into a factor value. A system command can be executed as root.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78

Products Affected

Vendor Product Version
polycom hdx_system_software *

CVE-2019-12948 MEDIUM

A vulnerability in the web-based management interface of VVX, Trio, SoundStructure, SoundPoint, and SoundStation phones running Polycom UC Software, if exploited, could allow an authenticated, remote attacker with admin privileges to cause a denial of service (DoS) condition or execute arbitrary code.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-749

Products Affected

Vendor Product Version
polycom united_communications_software *
polycom unified_communications_software *

CVE-2019-14259 HIGH

On the Polycom Obihai Obi1022 VoIP phone with firmware 5.1.11, a command injection (missing input validation) issue in the NTP server IP address field for the "Time Service Settings web" interface allows an authenticated remote attacker in the same network to trigger OS commands via shell commands in a POST request.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78

Products Affected

Vendor Product Version
polycom obihai_obi1022_firmware 5.1.11

CVE-2021-41322 MEDIUM

Poly VVX 400/410 5.3.1 allows low-privileged users to change the Admin password by modifying a POST parameter to 120 during the password reset process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
polycom vvx_400_firmware 5.3.1
polycom vvx_410_firmware 5.3.1