← Back

CVE-2018-18566

nvd nist
Published: Oct 24, 2018Modified: Nov 21, 2024

JSON object

Loading...
5.3
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploitability: 3.9 / Impact: 1.4
Source: NVD

Description

The SIP service in Polycom VVX 500 and 601 devices 5.8.0.12848 and earlier allow remote attackers to obtain sensitive phone configuration information by leveraging use with an on-premise installation with Skype for Business.

Affected (3)

Polycom
3 products
Unified Communications Software
Vvx 601 Firmware
Vvx 500 Firmware
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Unified Communications Software
Up to 5.8.0.12848
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Vvx 601 Firmware
All versions
Running on/withPlatform Versions
Polycom
Vvx 601
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Vvx 500 Firmware
All versions
Running on/withPlatform Versions
Polycom
Vvx 500
All versions

Related CWEs

CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (6)

Source: cve@mitre.org
Third Party AdvisoryVDB Entry
Source: cve@mitre.org
ExploitMailing ListThird Party Advisory
Source: cve@mitre.org
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitMailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory

Timeline

No history available yet.