Vulnerabilities > CVE-2019-12948 - Exposed Dangerous Method or Function vulnerability in Polycom products

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

polycom

CWE-749

NVD

Published: 2019-07-29

Updated: 2019-08-06

Summary

A vulnerability in the web-based management interface of VVX, Trio, SoundStructure, SoundPoint, and SoundStation phones running Polycom UC Software, if exploited, could allow an authenticated, remote attacker with admin privileges to cause a denial of service (DoS) condition or execute arbitrary code.

Vulnerable Configurations

Part	Description	Count
OS	Polycom Polycom Unified Communications Software * Polycom United Communications Software *	2
Hardware	Polycom Polycom C12 - Polycom C16 - Polycom C8 - Polycom Vvx150 - Polycom Vvx201 - Polycom Vvx250 - Polycom Vvx301 - Polycom Vvx311 - Polycom Vvx350 - Polycom Vvx401 - Polycom Vvx411 - Polycom Vvx450 - Polycom Vvx501 - Polycom Vvx601 - Polycom Trio 8500 - Polycom Trio 8800 - Polycom Soundpoint IP 300 - Polycom Soundpoint IP 301 - Polycom Soundpoint IP 320 - Polycom Soundpoint IP 321 - Polycom Soundpoint IP 330 - Polycom Soundpoint IP 331 - Polycom Soundpoint IP 335 - Polycom Soundpoint IP 430 - Polycom Soundpoint IP 450 - Polycom Soundpoint IP 500 - Polycom Soundpoint IP 501 - Polycom Soundpoint IP 550 - Polycom Soundpoint IP 560 - Polycom Soundpoint IP 600 - Polycom Soundpoint IP 601 - Polycom Soundpoint IP 650 - Polycom Soundpoint IP 670 - Polycom Soundpoint PRO SE 220 - Polycom Soundpoint PRO SE 225 - Polycom Soundstation2 - Polycom Soundstation2 Avaya 2490 - Polycom Soundstation2 Direct Connect FOR Nortel - Polycom Soundstation2W - Polycom Soundstation DUO - Polycom Soundstation IP 4000 - Polycom Soundstation IP 5000 - Polycom Soundstation IP 6000 - Polycom Soundstation IP 7000 - Polycom Soundstation IP 7000 Video Integration - Polycom Soundstation VTX 1000 - Polycom Vvx300 - Polycom Vvx310 - Polycom Vvx400 - Polycom Vvx410 - Polycom Vvx500 - Polycom Vvx600 -	52

Common Weakness Enumeration (CWE)

CWE-749 - Exposed Dangerous Method or Function

References

https://support.polycom.com/content/dam/polycom-support/global/documentation/remote-code-execution-vulnerability-in-ucs-software-v1-1.pdf