206 matches found
CVE-2023-4467
CVE-2023-4467 affects Poly Trio 8800, version 7.2.6.0019, in the Test Automation Mode component. Multiple sources describe a backdoor that can be triggered on the physical device, with the exploit publicly disclosed. Red Hat and CVE listings corroborate the issue, and a PoC/exploit for Telnet/roo...
CVE-2023-4466 Poly CCX 400/CCX 600/Trio 8800/Trio C60 Web Interface protection mechanism
A vulnerability has been found in Poly CCX 400, CCX 600, Trio 8800 and Trio C60 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Web Interface. The manipulation leads to protection mechanism failure. The attack can be launched remotely. Th...
CVE-2023-4466
CVE-2023-4466 affects Poly CCX 400/600, Trio 8800/C60 Web Interface. The vulnerability in the Web Interface enables remote manipulation that causes protection mechanism failure. No explicit patch is provided; remediation involves removing vulnerable builds from public servers. Exploit has been di...
CVE-2023-4465
The CVE-2023-4465 issue affects Poly Trio and VVX/CCX devices (e.g., Trio 8300/8500/8800, Trio C60, CCX 350/400/500/505/600/700, EDGE series, VVX 101/150/201/250/300/301/310/311/350/400/401/410/411/450/500/501/600/601). The root cause is an insufficient check in the Configuration File Import comp...
CVE-2023-4464 Poly VVX 601 Diagnostic Telnet Mode os command injection
A vulnerability, which was classified as critical, has been found in Poly Trio 8300, Trio 8500, Trio 8800, Trio C60, CCX 350, CCX 400, CCX 500, CCX 505, CCX 600, CCX 700, EDGE E100, EDGE E220, EDGE E300, EDGE E320, EDGE E350, EDGE E400, EDGE E450, EDGE E500, EDGE E550, VVX 101, VVX 150, VVX 201,...
CVE-2023-4464
CVE-2023-4464 affects Poly VVX 601 and a broad set of Poly Trio/CCX/EDGE/VVX devices. The root cause is a vulnerability in the Diagnostic Telnet Mode component that allows operating system command injection due to inadequate input handling. Exploitation is possible remotely, and public exploit/ad...
CVE-2023-4463
The CVE-2023-4463 entry affects Poly CCX 400, CCX 600, Trio 8800, and Trio C60. The vulnerability is in the HTTP Header Handler component, where manipulating the Cookie argument can cause denial of service. Exploitation can be performed remotely, and public disclosure of the exploit is noted. Con...
CVE-2023-4462
CVE-2023-4462 affects Poly Trio/CCX/VVX devices (e.g., Trio 8300/8500/8800, C60, CCX 350/400/500/505/600/700, EDGE E100/E220/E300/E320/E350/E400/E450/E500/E550, VVX series 101/150/201/250/300/301/310/311/350/400/401/410/411/450/500/501/600/601). The issue resides in the Web Configuration Applicat...
CVE-2023-4462 Poly VVX 601 Web Configuration Application random values
A vulnerability classified as problematic has been found in Poly Trio 8300, Trio 8500, Trio 8800, Trio C60, CCX 350, CCX 400, CCX 500, CCX 505, CCX 600, CCX 700, EDGE E100, EDGE E220, EDGE E300, EDGE E320, EDGE E350, EDGE E400, EDGE E450, EDGE E500, EDGE E550, VVX 101, VVX 150, VVX 201, VVX 250,...
PT-2023-8564 · Poly · Poly Trio 8800
Name of the Vulnerable Software and Affected Versions: Poly Trio 8800 version 7.2.6.0019 Description: A critical issue was found in the Test Automation Mode component of the Poly Trio 8800, which can be manipulated to create a backdoor. The attack can be launched on the physical device...
Poly Trio Security Breach
Poly Trio is a Trio series of business conference phones from Poly USA. A security vulnerability exists in Poly CCX and Trio that stems from a password change vulnerability in the parameter device.auth.localAdminPassword of the Configuration File Import component. Affected products and versions:...
PT-2023-29276 · Poly · Poly Ccx 400 +3
Name of the Vulnerable Software and Affected Versions: Poly CCX 400 affected versions not specified Poly CCX 600 affected versions not specified Poly Trio 8800 affected versions not specified Poly Trio C60 affected versions not specified Description: A vulnerability has been found in the Web...
PT-2023-8292 · Poly · Poly Vvx 311 +36
Name of the Vulnerable Software and Affected Versions: Poly Trio 8300 versions prior to the fixed version Poly Trio 8500 versions prior to the fixed version Poly Trio 8800 versions prior to the fixed version Poly Trio C60 versions prior to the fixed version Poly CCX 350 versions prior to the fixe...
Poly Trio Operating System Command Injection Vulnerability
Poly Trio is a Trio series business conference phone from Poly USA. Poly Trio has an operating system command injection vulnerability that stems from an operating system command injection vulnerability in the Diagnostic Telnet Mode component. Affected products and versions: Poly CCX version 400,...
Poly Trio Security Breach
Poly Trio is a Trio series business conference phone from Poly USA. A security vulnerability exists in Poly Trio 8800 version 7.2.6.0019, which stems from a security flaw in the Test Automation Mode component...
PT-2023-29275 · Poly · Poly Ccx 400 +3
Name of the Vulnerable Software and Affected Versions: Poly CCX 400 affected versions not specified Poly CCX 600 affected versions not specified Poly Trio 8800 affected versions not specified Poly Trio C60 affected versions not specified Description: A vulnerability was found in the HTTP Header...
Poly Trio Security Breach
Poly Trio is a Trio series of business conference phones from Poly USA. Lens is a distribution of the OpenLens repository, which contains Team Lens-specific customizations released under the legacy EULA. A security vulnerability exists in Poly Trio version 8800 and Trio version C60 that stems fro...
PT-2023-8565 · Poly · Poly Lens +3
Name of the Vulnerable Software and Affected Versions: Poly Trio 8500 version unknown Poly Trio 8800 version unknown Poly Trio C60 version unknown Description: A vulnerability was found in the Poly Lens Management Cloud Registration component, affecting an unknown part of it. The manipulation lea...
Poly CCX and Trio Security Vulnerabilities
Poly Trio is a Trio series business conference phone from Poly USA. A security vulnerability exists in Poly CCX and Trio that stems from a denial of service DOS vulnerability in the cookie parameter of the HTTP Header Handler component. Affected products and versions: Poly CCX version 400, CCX...
The vulnerability of the microprogrammed software of the Trio Q, Trio E, and Trio J Ethernet receivers lies in their ability to be redirected to untrusted URL addresses. This allows attackers to redirect users to arbitrary websites.
The vulnerability of the microprogrammed Ethernet receiver software from the Trio Q, Trio E, and Trio J series is related to the ability to redirect users to untrusted URL addresses. Exploiting this vulnerability allows a malicious actor to redirect users to arbitrary websites by sending speciall...