CVE-2019-12948

Published: Jul 29, 2019Modified: Nov 21, 2024

8.3

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

Exploitability: 2.8 / Impact: 5.5

Source: NVD

Description

A vulnerability in the web-based management interface of VVX, Trio, SoundStructure, SoundPoint, and SoundStation phones running Polycom UC Software, if exploited, could allow an authenticated, remote attacker with admin privileges to cause a denial of service (DoS) condition or execute arbitrary code.

Affected (5)

Products: Polycom: Unified Communications Software, United Communications Software

Polycom

2 products

Unified Communications Software

United Communications Software

Configuration A

1 vulnerable · 14 platform

Vulnerable Software	Affected Versions
Polycom Unified Communications Software	From 6.0.0 to 6.0.0.4839

Running on/with	Platform Versions
Polycom C12	All versions
Polycom C16	All versions
Polycom C8	All versions
Polycom Vvx150	All versions
Polycom Vvx201	All versions
Polycom Vvx250	All versions
Polycom Vvx301	All versions
Polycom Vvx311	All versions
Polycom Vvx350	All versions
Polycom Vvx401	All versions
Polycom Vvx411	All versions
Polycom Vvx450	All versions
Polycom Vvx501	All versions
Polycom Vvx601	All versions

Configuration B

1 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Polycom United Communications Software	Before 5.9.0

Running on/with	Platform Versions
Polycom Trio 8500	All versions
Polycom Trio 8800	All versions

Configuration C

1 vulnerable · 30 platform

Vulnerable Software	Affected Versions
Polycom United Communications Software	Before 4.0.14.1580

Running on/with	Platform Versions
Polycom Soundpoint Ip 300	All versions
Polycom Soundpoint Ip 301	All versions
Polycom Soundpoint Ip 320	All versions
Polycom Soundpoint Ip 321	All versions
Polycom Soundpoint Ip 330	All versions
Polycom Soundpoint Ip 331	All versions
Polycom Soundpoint Ip 335	All versions
Polycom Soundpoint Ip 430	All versions
Polycom Soundpoint Ip 450	All versions
Polycom Soundpoint Ip 500	All versions
Polycom Soundpoint Ip 501	All versions
Polycom Soundpoint Ip 550	All versions
Polycom Soundpoint Ip 560	All versions
Polycom Soundpoint Ip 600	All versions
Polycom Soundpoint Ip 601	All versions
Polycom Soundpoint Ip 650	All versions
Polycom Soundpoint Ip 670	All versions
Polycom Soundpoint Pro Se 220	All versions
Polycom Soundpoint Pro Se 225	All versions
Polycom Soundstation2	All versions
Polycom Soundstation2 Avaya 2490	All versions
Polycom Soundstation2 Direct Connect For Nortel	All versions
Polycom Soundstation2w	All versions
Polycom Soundstation Duo	All versions
Polycom Soundstation Ip 4000	All versions
Polycom Soundstation Ip 5000	All versions
Polycom Soundstation Ip 6000	All versions
Polycom Soundstation Ip 7000	All versions
Polycom Soundstation Ip 7000 Video Integration	All versions
Polycom Soundstation Vtx 1000	All versions

Configuration D

2 vulnerable · 6 platform

Vulnerable Software	Affected Versions
Polycom Unified Communications Software	Before 5.8.5.1256
Polycom Unified Communications Software	From 5.9.3 to 5.9.3.2857

Running on/with	Platform Versions
Polycom Vvx300	All versions
Polycom Vvx310	All versions
Polycom Vvx400	All versions
Polycom Vvx410	All versions
Polycom Vvx500	All versions
Polycom Vvx600	All versions

Related CWEs

CWE-749

Exposed Dangerous Method or Function

The product provides an Applications Programming Interface (API) or similar interface for interaction with external actors, but the interface includes a dangerous method or function that is not properly restricted.

References (2)

https://support.polycom.com/content/dam/polycom-support/global/documentation/remote-code-execution-vulnerability-in-ucs-software-v1-1.pdf

Source: cve@mitre.org

Vendor Advisory

https://support.polycom.com/content/dam/polycom-support/global/documentation/remote-code-execution-vulnerability-in-ucs-software-v1-1.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.