← Back

CVE-2017-12857

nvd nist
Published: Aug 25, 2017Modified: May 13, 2026

JSON object

Loading...
8.8
Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD

Description

Polycom SoundStation IP, VVX, and RealPresence Trio that are running software older than UCS 4.0.12, 5.4.5 rev AG, 5.4.7, 5.5.2, or 5.6.0 are affected by a vulnerability in their UCS web application. This vulnerability could allow an authenticated remote attacker to read a segment of the phone's memory which could contain an administrator's password or other sensitive information.

Affected (4)

Polycom
1 product
Unified Communications Software
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Unified Communications Software
Up to 4.0.11
Running on/withPlatform Versions
Polycom
Soundstation Ip
All versions
Configuration B
2 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Polycom
Unified Communications Software
Up to 5.4.6
Unified Communications Software
Up to 5.5.1
Running on/withPlatform Versions
Polycom
Vvx
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Unified Communications Software
Up to 5.4.4
Running on/withPlatform Versions
Polycom
Realpresence Trio
All versions

Related CWEs

CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (4)

Source: cve@mitre.org
MitigationVendor Advisory
Source: cve@mitre.org
Source: af854a3a-2127-422b-91ae-364da2661108
MitigationVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.