Hardcoded credentials

2019-04-2321:29:00

PRIOn knowledge base

www.prio-n.com

6.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

30.6%

JSON

VVX products with software versions including and prior to, UCS 5.9.2 with Better Together over Ethernet Connector (BToE) application 3.9.1, use hard-coded credentials to establish connections between the host application and the device.

CPENameOperatorVersion
better_together_over_ethernet_connectorle3.8.0
unified_communications_softwarele5.8.0

CPE	Name	Operator	Version
	better_together_over_ethernet_connector	le	3.8.0
	unified_communications_software	le	5.8.0

References

support.polycom.com/content/dam/polycom-support/global/documentation/hard-coded-credentials-vulnerability-in-vvx-products.pdf