2 matches found
CVE-2019-11355
An issue was discovered in Poly formerly Polycom HDX 3.1.13. A feature exists that allows the creation of a server / client certificate, or the upload of the user certificate, on the administrator's page. The value received from the user is the factor value of a shell script on the equipment. By...
CVE-2019-11355
Affected software: Polycom HDX 3.1.13. Vulnerability: command injection via a crafted CSR field on the administrator page, where the user-provided value is treated as a shell-script factor value; inserting characters (e.g., a single quote) can cause arbitrary system commands to be executed. Root ...