← Back

Polycom

polycom

39 CVEs • 107 products

Products (107)

Click to collapse
Toggle
Unified Communications Software
unified_communications_software
6 CVEs
Viewstation 128
viewstation_128
5 CVEs
Viewstation 512
viewstation_512
5 CVEs
Viewstation Dcp
viewstation_dcp
5 CVEs
Viewstation Fx Vs4000
viewstation_fx_vs4000
5 CVEs
Viewstation H.323
viewstation_h.323
5 CVEs
Viewstation Mp
viewstation_mp
5 CVEs
Viewstation Sp 384
viewstation_sp_384
5 CVEs
Viewstation V.35
viewstation_v.35
5 CVEs
Realpresence Resource Manager
realpresence_resource_manager
5 CVEs
Hdx System Software
hdx_system_software
3 CVEs
Viavideo
viavideo
2 CVEs
Qdx 6000 Firmware
qdx_6000_firmware
2 CVEs
Vvx 601 Firmware
vvx_601_firmware
2 CVEs
Vvx 500 Firmware
vvx_500_firmware
2 CVEs
Trio 8500 Firmware
trio_8500_firmware
2 CVEs
Better Together Over Ethernet Connector
better_together_over_ethernet_connector
2 CVEs
Realpresence Debut Firmware
realpresence_debut_firmware
2 CVEs
Hdx Video End Points
hdx_video_end_points
2 CVEs
Uc Apl
uc_apl
2 CVEs
Mgc 100
mgc-100
1 CVE
Mgc 25
mgc-25
1 CVE
Mgc 50
mgc-50
1 CVE
Soundpoint Ip 301
soundpoint_ip_301
1 CVE
Soundpoint Ip 650
soundpoint_ip_650
1 CVE
Soundpoint Ip 601
soundpoint_ip_601
1 CVE
Realpresence Cloudaxis Suite
realpresence_cloudaxis_suite
1 CVE
Btoe Connector
btoe_connector
1 CVE
Realpresence Web Suite
realpresence_web_suite
1 CVE
Group Series
group_series
1 CVE
Hdx
hdx
1 CVE
Pano
pano
1 CVE
United Communications Software
united_communications_software
1 CVE
Obihai Obi1022 Firmware
obihai_obi1022_firmware
1 CVE
Vvx 400 Firmware
vvx_400_firmware
1 CVE
Vvx 410 Firmware
vvx_410_firmware
1 CVE
Hdx 4002
hdx_4002
0 CVEs
Hdx 4500
hdx_4500
0 CVEs
Hdx 6000
hdx_6000
0 CVEs
Hdx 7001
hdx_7001
0 CVEs
Hdx 7002
hdx_7002
0 CVEs
Hdx 8002
hdx_8002
0 CVEs
Hdx 8004
hdx_8004
0 CVEs
Hdx 8006
hdx_8006
0 CVEs
Hdx 9002
hdx_9002
0 CVEs
Hdx 9004
hdx_9004
0 CVEs
Hdx 9006
hdx_9006
0 CVEs
Soundstation Ip
soundstation_ip
0 CVEs
Vvx
vvx
0 CVEs
Realpresence Trio
realpresence_trio
0 CVEs
Qdx 6000
qdx_6000
0 CVEs
Vvx 601
vvx_601
0 CVEs
Vvx 500
vvx_500
0 CVEs
Trio 8500
trio_8500
0 CVEs
Realpresence Debut
realpresence_debut
0 CVEs
C12
c12
0 CVEs
C16
c16
0 CVEs
C8
c8
0 CVEs
Vvx150
vvx150
0 CVEs
Vvx201
vvx201
0 CVEs
Vvx250
vvx250
0 CVEs
Vvx301
vvx301
0 CVEs
Vvx311
vvx311
0 CVEs
Vvx350
vvx350
0 CVEs
Vvx401
vvx401
0 CVEs
Vvx411
vvx411
0 CVEs
Vvx450
vvx450
0 CVEs
Vvx501
vvx501
0 CVEs
Vvx601
vvx601
0 CVEs
Trio 8800
trio_8800
0 CVEs
Soundpoint Ip 300
soundpoint_ip_300
0 CVEs
Soundpoint Ip 320
soundpoint_ip_320
0 CVEs
Soundpoint Ip 321
soundpoint_ip_321
0 CVEs
Soundpoint Ip 330
soundpoint_ip_330
0 CVEs
Soundpoint Ip 331
soundpoint_ip_331
0 CVEs
Soundpoint Ip 335
soundpoint_ip_335
0 CVEs
Soundpoint Ip 430
soundpoint_ip_430
0 CVEs
Soundpoint Ip 450
soundpoint_ip_450
0 CVEs
Soundpoint Ip 500
soundpoint_ip_500
0 CVEs
Soundpoint Ip 501
soundpoint_ip_501
0 CVEs
Soundpoint Ip 550
soundpoint_ip_550
0 CVEs
Soundpoint Ip 560
soundpoint_ip_560
0 CVEs
Soundpoint Ip 600
soundpoint_ip_600
0 CVEs
Soundpoint Ip 670
soundpoint_ip_670
0 CVEs
Soundpoint Pro Se 220
soundpoint_pro_se-220
0 CVEs
Soundpoint Pro Se 225
soundpoint_pro_se-225
0 CVEs
Soundstation Duo
soundstation_duo
0 CVEs
Soundstation Ip 4000
soundstation_ip_4000
0 CVEs
Soundstation Ip 5000
soundstation_ip_5000
0 CVEs
Soundstation Ip 6000
soundstation_ip_6000
0 CVEs
Soundstation Ip 7000
soundstation_ip_7000
0 CVEs
Soundstation Ip 7000 Video Integration
soundstation_ip_7000_video_integration
0 CVEs
Soundstation Vtx 1000
soundstation_vtx_1000
0 CVEs
Soundstation2
soundstation2
0 CVEs
Soundstation2 Avaya 2490
soundstation2_avaya_2490
0 CVEs
Soundstation2 Direct Connect For Nortel
soundstation2_direct_connect_for_nortel
0 CVEs
Soundstation2w
soundstation2w
0 CVEs
Vvx300
vvx300
0 CVEs
Vvx310
vvx310
0 CVEs
Vvx400
vvx400
0 CVEs

CVEs (39)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2021-41322
1Polycom
2Vvx 400 Firmware
Vvx 410 Firmware
Nov 21, 2024
Oct 4, 2021
N/A· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
Poly VVX 400/410 5.3.1 allows low-privileged users to change the Admin password by modifying a POST parameter to 120 during the password reset process.
CVE-2019-11355
1Polycom
1Hdx System Software
Nov 21, 2024
Mar 12, 2020
N/A· v4
7.2 HIGH· v3
9.0 HIGH· v2
An issue was discovered in Poly (formerly Polycom) HDX 3.1.13. A feature exists that allows the creation of a server / client certificate, or the upload of the user certificate, on the administrator's page. The value rec...Show more
An issue was discovered in Poly (formerly Polycom) HDX 3.1.13. A feature exists that allows the creation of a server / client certificate, or the upload of the user certificate, on the administrator's page. The value received from the user is the factor value of a shell script on the equipment. By entering a special character (such as a single quote) in a CN or other CSR field, one can insert a command into a factor value. A system command can be executed as root.Show less
CVE-2012-6611
1Polycom
1Hdx System Software
Nov 21, 2024
Feb 10, 2020
N/A· v4
9.8 CRITICAL· v3
10.0 HIGH· v2
An issue was discovered in Polycom Web Management Interface G3/HDX 8000 HD with Durango 2.6.0 4740 software and embedded Polycom Linux Development Platform 2.14.g3. It has a blank administrative password by default, and...Show more
An issue was discovered in Polycom Web Management Interface G3/HDX 8000 HD with Durango 2.6.0 4740 software and embedded Polycom Linux Development Platform 2.14.g3. It has a blank administrative password by default, and can be successfully used without setting this password.Show less
CVE-2012-6610
1Polycom
2Hdx Video End Points
Uc Apl
Nov 21, 2024
Jan 28, 2020
N/A· v4
8.8 HIGH· v3
9.0 HIGH· v2
Polycom HDX Video End Points before 3.0.4 and UC APL before 2.7.1.J allows remote authenticated users to execute arbitrary commands as demonstrated by a ; (semicolon) to the ping command feature.
CVE-2012-6609
1Polycom
2Hdx Video End Points
Uc Apl
Nov 21, 2024
Jan 28, 2020
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
Directory traversal vulnerability in a_getlog.cgi in Polycom HDX Video End Points before 3.0.4 and UC APL before 2.7.1.J allows remote attackers to read arbitrary files via a .. (dot dot) in the name parameter.
CVE-2019-14259
1Polycom
1Obihai Obi1022 Firmware
Nov 21, 2024
Aug 1, 2019
N/A· v4
8.0 HIGH· v3
7.7 HIGH· v2
On the Polycom Obihai Obi1022 VoIP phone with firmware 5.1.11, a command injection (missing input validation) issue in the NTP server IP address field for the "Time Service Settings web" interface allows an authenticated...Show more
On the Polycom Obihai Obi1022 VoIP phone with firmware 5.1.11, a command injection (missing input validation) issue in the NTP server IP address field for the "Time Service Settings web" interface allows an authenticated remote attacker in the same network to trigger OS commands via shell commands in a POST request.Show less
CVE-2019-12948
1Polycom
2Unified Communications Software
United Communications Software
Nov 21, 2024
Jul 29, 2019
N/A· v4
8.3 HIGH· v3
6.5 MEDIUM· v2
A vulnerability in the web-based management interface of VVX, Trio, SoundStructure, SoundPoint, and SoundStation phones running Polycom UC Software, if exploited, could allow an authenticated, remote attacker with admin...Show more
A vulnerability in the web-based management interface of VVX, Trio, SoundStructure, SoundPoint, and SoundStation phones running Polycom UC Software, if exploited, could allow an authenticated, remote attacker with admin privileges to cause a denial of service (DoS) condition or execute arbitrary code.Show less
CVE-2019-10689
1Polycom
2Better Together Over Ethernet Connector
Unified Communications Software
Nov 21, 2024
Jun 24, 2019
N/A· v4
6.5 MEDIUM· v3
3.3 LOW· v2
VVX products using UCS software version 5.9.2 and earlier with Better Together over Ethernet Connector (BToE) application version 3.9.1 and earlier provides insufficient authentication between the BToE application and th...Show more
VVX products using UCS software version 5.9.2 and earlier with Better Together over Ethernet Connector (BToE) application version 3.9.1 and earlier provides insufficient authentication between the BToE application and the BToE component, resulting in leakage of sensitive information.Show less
CVE-2018-10947
1Polycom
1Realpresence Debut Firmware
Nov 21, 2024
Jun 13, 2019
N/A· v4
3.1 LOW· v3
2.9 LOW· v2
An issue was discovered in versions earlier than 1.3.2 for Polycom RealPresence Debut where the admin cookie is reset only after a Debut is rebooted.
CVE-2018-10946
1Polycom
1Realpresence Debut Firmware
Nov 21, 2024
Jun 13, 2019
N/A· v4
6.8 MEDIUM· v3
2.7 LOW· v2
An issue was discovered in versions earlier than 1.3.0-66872 for Polycom RealPresence Debut that allows attackers to arbitrarily read the admin user's password via the admin web UI.
CVE-2018-15128
1Polycom
3Group Series
HdxPano
Nov 21, 2024
May 13, 2019
N/A· v4
9.8 CRITICAL· v3
10.0 HIGH· v2
An issue was discovered in Polycom Group Series 6.1.6.1 and earlier, HDX 3.1.12 and earlier, and Pano 1.1.1 and earlier. A remote code execution vulnerability exists in the content sharing functionality because of a Buff...Show more
An issue was discovered in Polycom Group Series 6.1.6.1 and earlier, HDX 3.1.12 and earlier, and Pano 1.1.1 and earlier. A remote code execution vulnerability exists in the content sharing functionality because of a Buffer Overflow via crafted packets.Show less
CVE-2019-10688
1Polycom
2Better Together Over Ethernet Connector
Unified Communications Software
Nov 21, 2024
Apr 23, 2019
N/A· v4
6.8 MEDIUM· v3
4.6 MEDIUM· v2
VVX products with software versions including and prior to, UCS 5.9.2 with Better Together over Ethernet Connector (BToE) application 3.9.1, use hard-coded credentials to establish connections between the host applicatio...Show more
VVX products with software versions including and prior to, UCS 5.9.2 with Better Together over Ethernet Connector (BToE) application 3.9.1, use hard-coded credentials to establish connections between the host application and the device.Show less
CVE-2018-14935
1Polycom
1Trio 8500 Firmware
Nov 21, 2024
Nov 15, 2018
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
The Web administration console on Polycom Trio devices with software before 5.5.4 has XSS.
CVE-2018-14934
1Polycom
1Trio 8500 Firmware
Nov 21, 2024
Nov 15, 2018
N/A· v4
6.5 MEDIUM· v3
3.3 LOW· v2
The Bluetooth subsystem on Polycom Trio devices with software before 5.5.4 has Incorrect Access Control. An attacker can connect without authentication and subsequently record audio from the device microphone.
CVE-2018-18568
1Polycom
3Unified Communications Software
Vvx 500 FirmwareVvx 601 Firmware
Nov 21, 2024
Oct 24, 2018
N/A· v4
5.9 MEDIUM· v3
4.3 MEDIUM· v2
Polycom VVX 500 and 601 devices 5.8.0.12848 and earlier allows man-in-the-middle attackers to obtain sensitive credential information by leveraging failure to validate X.509 certificates when used with an on-premise inst...Show more
Polycom VVX 500 and 601 devices 5.8.0.12848 and earlier allows man-in-the-middle attackers to obtain sensitive credential information by leveraging failure to validate X.509 certificates when used with an on-premise installation with Skype for Business.Show less
CVE-2018-18566
1Polycom
3Unified Communications Software
Vvx 500 FirmwareVvx 601 Firmware
Nov 21, 2024
Oct 24, 2018
N/A· v4
5.3 MEDIUM· v3
5.0 MEDIUM· v2
The SIP service in Polycom VVX 500 and 601 devices 5.8.0.12848 and earlier allow remote attackers to obtain sensitive phone configuration information by leveraging use with an on-premise installation with Skype for Busin...Show more
The SIP service in Polycom VVX 500 and 601 devices 5.8.0.12848 and earlier allow remote attackers to obtain sensitive phone configuration information by leveraging use with an on-premise installation with Skype for Business.Show less
CVE-2018-12592
1Polycom
1Realpresence Web Suite
Nov 21, 2024
Jun 20, 2018
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
Polycom RealPresence Web Suite before 2.2.0 does not block a user's video for a few seconds upon joining a meeting (when the user has explicitly chosen to turn off the video using a specific option). During those seconds...Show more
Polycom RealPresence Web Suite before 2.2.0 does not block a user's video for a few seconds upon joining a meeting (when the user has explicitly chosen to turn off the video using a specific option). During those seconds, a meeting invitee may unknowingly be on camera with other participants able to view.Show less
CVE-2018-7565
1Polycom
1Qdx 6000 Firmware
Nov 21, 2024
Mar 7, 2018
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
CSRF exists on Polycom QDX 6000 devices.
CVE-2018-7564
1Polycom
1Qdx 6000 Firmware
Nov 21, 2024
Mar 7, 2018
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
Stored XSS exists on Polycom QDX 6000 devices.
CVE-2015-4685
1Polycom
1Realpresence Resource Manager
May 13, 2026
Sep 19, 2017
N/A· v4
7.0 HIGH· v3
4.4 MEDIUM· v2
Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows local users with access to the plcm account to gain privileges via a script in /var/polycom/cma/upgrade/scripts, related to a sudo misconfiguration.