CVE-2019-10689

Published: Jun 24, 2019Modified: Nov 21, 2024

6.5

Vector

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

VVX products using UCS software version 5.9.2 and earlier with Better Together over Ethernet Connector (BToE) application version 3.9.1 and earlier provides insufficient authentication between the BToE application and the BToE component, resulting in leakage of sensitive information.

Affected (2)

Products: Polycom: Better Together Over Ethernet Connector, Unified Communications Software

2 products

Better Together Over Ethernet Connector

Unified Communications Software

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Polycom Better Together Over Ethernet Connector	Up to 3.9.1
Polycom Unified Communications Software	Up to 5.9.2

Related CWEs

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (4)

http://www.securityfocus.com/bid/108799

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://support.polycom.com/content/dam/polycom-support/global/documentation/insufficient-authentication-leakage-vvx-products.pdf

Source: cve@mitre.org

Vendor Advisory

http://www.securityfocus.com/bid/108799

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://support.polycom.com/content/dam/polycom-support/global/documentation/insufficient-authentication-leakage-vvx-products.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.