Lucene search

HP Product Security Response TeamHPSBPY03897

HistoryJan 09, 2024 - 12:00 a.m.

UC Software - Improper Input Validation

2024-01-0900:00:00

HP Product Security Response Team

support.hp.com

poly

denial-of-service

vulnerability

input validation

firmware

products

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.2

Confidence

Low

EPSS

0.001

Percentile

22.8%

JSON

A potential vulnerability was discovered in certain Poly devices. A malformed packet sent to the device can result in a Denial-of-Service attack.

HP has identified affected products and corresponding firmware minimum versions that mitigate the potential vulnerabilities. See the affected products listed below.

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.2

Confidence

Low

EPSS

0.001

Percentile

22.8%

JSON

Related for HPSBPY03897