113 matches found
CVE-2023-4464 Poly VVX 601 Diagnostic Telnet Mode os command injection
A vulnerability, which was classified as critical, has been found in Poly Trio 8300, Trio 8500, Trio 8800, Trio C60, CCX 350, CCX 400, CCX 500, CCX 505, CCX 600, CCX 700, EDGE E100, EDGE E220, EDGE E300, EDGE E320, EDGE E350, EDGE E400, EDGE E450, EDGE E500, EDGE E550, VVX 101, VVX 150, VVX 201,...
CVE-2023-4464
CVE-2023-4464 affects Poly VVX 601 and a broad set of Poly Trio/CCX/EDGE/VVX devices. The root cause is a vulnerability in the Diagnostic Telnet Mode component that allows operating system command injection due to inadequate input handling. Exploitation is possible remotely, and public exploit/ad...
CVE-2023-4463 Poly CCX 400/CCX 600/Trio 8800/Trio C60 HTTP Header denial of service
A vulnerability classified as problematic was found in Poly CCX 400, CCX 600, Trio 8800 and Trio C60. This vulnerability affects unknown code of the component HTTP Header Handler. The manipulation of the argument Cookie leads to denial of service. The attack can be initiated remotely. The exploit...
CVE-2023-4463
The CVE-2023-4463 entry affects Poly CCX 400, CCX 600, Trio 8800, and Trio C60. The vulnerability is in the HTTP Header Handler component, where manipulating the Cookie argument can cause denial of service. Exploitation can be performed remotely, and public disclosure of the exploit is noted. Con...
CVE-2023-4462 Poly VVX 601 Web Configuration Application random values
A vulnerability classified as problematic has been found in Poly Trio 8300, Trio 8500, Trio 8800, Trio C60, CCX 350, CCX 400, CCX 500, CCX 505, CCX 600, CCX 700, EDGE E100, EDGE E220, EDGE E300, EDGE E320, EDGE E350, EDGE E400, EDGE E450, EDGE E500, EDGE E550, VVX 101, VVX 150, VVX 201, VVX 250,...
CVE-2023-4462
CVE-2023-4462 affects Poly Trio/CCX/VVX devices (e.g., Trio 8300/8500/8800, C60, CCX 350/400/500/505/600/700, EDGE E100/E220/E300/E320/E350/E400/E450/E500/E550, VVX series 101/150/201/250/300/301/310/311/350/400/401/410/411/450/500/501/600/601). The issue resides in the Web Configuration Applicat...
Poly CCX and Trio Security Vulnerabilities
Poly Trio is a Trio series business conference phone from Poly USA. A security vulnerability exists in Poly CCX and Trio that stems from a denial of service DOS vulnerability in the cookie parameter of the HTTP Header Handler component. Affected products and versions: Poly CCX version 400, CCX...
Poly Trio Security Breach
Poly Trio is a Trio series of business conference phones from Poly USA. A security vulnerability exists in Poly CCX and Trio that stems from a password change vulnerability in the parameter device.auth.localAdminPassword of the Configuration File Import component. Affected products and versions:...
PT-2023-8292 · Poly · Poly Vvx 311 +36
Name of the Vulnerable Software and Affected Versions: Poly Trio 8300 versions prior to the fixed version Poly Trio 8500 versions prior to the fixed version Poly Trio 8800 versions prior to the fixed version Poly Trio C60 versions prior to the fixed version Poly CCX 350 versions prior to the fixe...
PT-2023-29275 · Poly · Poly Ccx 400 +3
Name of the Vulnerable Software and Affected Versions: Poly CCX 400 affected versions not specified Poly CCX 600 affected versions not specified Poly Trio 8800 affected versions not specified Poly Trio C60 affected versions not specified Description: A vulnerability was found in the HTTP Header...
CVE-2023-20232
A vulnerability in the Tomcat implementation for Cisco Unified Contact Center Express Unified CCX could allow an unauthenticated, remote attacker to cause a web cache poisoning attack on an affected device. This vulnerability is due to improper input validation of HTTP requests. An attacker could...
Input validation
A vulnerability in the Tomcat implementation for Cisco Unified Contact Center Express Unified CCX could allow an unauthenticated, remote attacker to cause a web cache poisoning attack on an affected device. This vulnerability is due to improper input validation of HTTP requests. An attacker could...
CVE-2023-20232
Cisco Unified Contact Center Express (Unified CCX) is affected by CVE-2023-20232 due to improper input validation in the Tomcat-based web proxy component exposed via the Finesse Portal. The issue allows an unauthenticated, remote attacker to perform a web cache poisoning attack by sending crafted...
Cross site scripting
A vulnerability in the web-based management interface of Cisco Unified Contact Center Express Unified CCX could allow an authenticated, remote attacker to perform a stored cross-site scripting XSS attack. This vulnerability is due to insufficient input validation of user-supplied data. An attacke...
CVE-2023-20096
Cisco Unified Contact Center Express (Unified CCX) contains a stored Cross-Site Scripting (XSS) vulnerability in its web-based management interface due to insufficient input validation. An authenticated, remote attacker could inject crafted input into various management fields to execute scripts ...
CVE-2019-1888
A vulnerability in the Administration Web Interface of Cisco Unified Contact Center Express Unified CCX could allow an authenticated, remote attacker to upload arbitrary files and execute commands on the underlying operating system. To exploit this vulnerability, an attacker needs valid...
Design/Logic Flaw
A vulnerability in the Administration Web Interface of Cisco Unified Contact Center Express Unified CCX could allow an authenticated, remote attacker to upload arbitrary files and execute commands on the underlying operating system. To exploit this vulnerability, an attacker needs valid...
CVE-2020-3267 Cisco Unified Contact Center Express Improper API Authorization Vulnerability
A vulnerability in the API subsystem of Cisco Unified Contact Center Express Unified CCX could allow an authenticated, remote attacker to change the availability state of any agent. The vulnerability is due to insufficient authorization enforcement on an affected system. An attacker could exploit...
CVE-2020-3267
Cisco Unified Contact Center Express (Unified CCX) is affected by an improper API authorization vulnerability. An authenticated attacker with valid agent credentials can send a crafted API call to change the availability state of any agent, potentially causing a denial of service. Root cause: ins...
CVE-2020-3280
A vulnerability in the Java Remote Management Interface of Cisco Unified Contact Center Express Unified CCX could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability is due to insecure deserialization of user-supplied content by the affecte...