111 matches found
CVE-2019-14259
CVE-2019-14259 affects the Polycom Obihai Obi1022 VoIP phone (firmware 5.1.11). The issue is a command injection due to missing input validation in the NTP server IP address field of the "Time Service Settings web" interface. An authenticated remote attacker on the same network can trigger OS com...
CVE-2019-12948
A vulnerability in the web-based management interface of VVX, Trio, SoundStructure, SoundPoint, and SoundStation phones running Polycom UC Software, if exploited, could allow an authenticated, remote attacker with admin privileges to cause a denial of service (DoS) condition or execute arbitrary co...
CVE-2019-12948
The CVE-2019-12948 entry concerns Polycom UC Software web-based management on VVX, Trio, SoundStructure, SoundPoint and SoundStation phones. A vulnerability exists in the web interface that, when exploited by an authenticated admin, could cause DoS or allow arbitrary code execution. Documents con...
Design/Logic Flaw
An issue was discovered in versions earlier than 1.3.0-66872 for Polycom RealPresence Debut that allows attackers to arbitrarily read the admin user's password via the admin web UI...
Design/Logic Flaw
An issue was discovered in versions earlier than 1.3.2 for Polycom RealPresence Debut where the admin cookie is reset only after a Debut is rebooted...
CVE-2018-10947
CVE-2018-10947 affects Polycom RealPresence Debut before version 1.3.2. The root cause is that the admin cookie is reset only after a Debut device is rebooted, leaving session handling unchanged until reboot. Impact details in the provided sources are limited to this behavior; no exploitation spe...
CVE-2018-10946
Polycom RealPresence Debut is vulnerable in versions earlier than 1.3.0-66872. The flaw lets an attacker read the admin user’s password via the admin web UI. The affected component is the device’s admin interface; the root cause involves unsafe password exposure in the UI flow. Impacts include confidentiali...
Remote code execution
An issue was discovered in Polycom Group Series 6.1.6.1 and earlier, HDX 3.1.12 and earlier, and Pano 1.1.1 and earlier. A remote code execution vulnerability exists in the content sharing functionality because of a Buffer Overflow via crafted packets...
CVE-2018-15128
CVE-2018-15128 affects Polycom Group Series 6.1.6.1 and earlier, HDX 3.1.12 and earlier, and Pano 1.1.1 and earlier. The issue is a remote code execution in the content sharing feature caused by a buffer overflow triggered by crafted packets. The available documents identify the products and vuln...
Polycom Command Shell Authorization Bypass
The login component of the Polycom Command Shell on Polycom HDX video endpoints, running software versions 3.0.5 and earlier, is vulnerable to an authorization bypass when simultaneous connections are made to the service, allowing remote network attackers to gain access to a sandboxed telnet prom...
Polycom VVX 500 / VVX 601 5.8.0.12848 Information Exposure Vulnerability
Exploit for hardware platform in category local exploits Polycom VVX 500 / VVX 601 5.8.0.12848 Information Exposure Vulnerability Product: VVX 500 / VVX 601 Manufacturer: Polycom Affected Versions: OWNIP=192.168.100.102 if -z "$1" then echo "Please enter an IPv4 address as target" exit else...
CVE-2018-18568
Polycom VVX 500 and 601 devices 5.8.0.12848 and earlier allow man-in-the-middle attackers to obtain sensitive credential information by leveraging failure to validate X.509 certificates when used with an on-premise installation with Skype for Business...
Design/Logic Flaw
The SIP service in Polycom VVX 500 and 601 devices 5.8.0.12848 and earlier allows remote attackers to obtain sensitive phone configuration information by leveraging use with an on-premise installation with Skype for Business...
CVE-2018-18566
Polycom VVX 500/601 devices (firmware
CVE-2018-18568
Polycom VVX 500/601 devices (affected versions
Code injection
Polycom RealPresence Web Suite before 2.2.0 does not block a user's video for a few seconds upon joining a meeting when the user has explicitly chosen to turn off the video using a specific option. During those seconds, a meeting invitee may unknowingly be on camera with other participants able t...
CVE-2018-12592
Polycom RealPresence Web Suite before 2.2.0 does not block a user's video for a few seconds upon joining a meeting when the user has explicitly chosen to turn off the video using a specific option. During those seconds, a meeting invitee may unknowingly be on camera with other participants able t...
CVE-2018-12592
CVE-2018-12592 affects Polycom RealPresence Web Suite prior to 2.2.0. The issue is that the system fails to block a user’s video for a few seconds when joining a meeting if the user has explicitly disabled video via a specific option, potentially exposing an active video stream to other participa...
CVE-2018-7565
CSRF exists on Polycom QDX 6000 devices...
Polycom Shell HDX Series - Traceroute Command Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Polycom Shell HDX Series Traceroute Command Execution', 'Description' = %q Within Polycom command shell, a command execution flaw exists in lan...