Vulnerabilities > CVE-2019-12948 - Exposed Dangerous Method or Function vulnerability in Polycom Unified Communications Software

CVSS 8.3 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

LOW

network

low complexity

polycom

CWE-749

NVD

Published: 2019-07-29

Updated: 2019-08-06

Summary

A vulnerability in the web-based management interface of VVX, Trio, SoundStructure, SoundPoint, and SoundStation phones running Polycom UC Software, if exploited, could allow an authenticated, remote attacker with admin privileges to cause a denial of service (DoS) condition or execute arbitrary code.

Vulnerable Configurations

Part	Description	Count
OS	Polycom Polycom Unified Communications Software 4.0.1 Polycom Unified Communications Software 4.0.2 Polycom Unified Communications Software 4.0.5 Polycom Unified Communications Software 4.0.6 Polycom Unified Communications Software 4.0.7 Polycom Unified Communications Software 4.0.8 Polycom Unified Communications Software 4.0.9 Polycom Unified Communications Software 4.0.10 Polycom Unified Communications Software 4.0.11 Polycom Unified Communications Software 4.0.12 Polycom Unified Communications Software 4.0.13 Polycom Unified Communications Software 4.0.14.1580 Polycom Unified Communications Software 4.1.6 Polycom Unified Communications Software 4.1.7 Polycom Unified Communications Software 4.1.8 Polycom Unified Communications Software 5.0.1 Polycom Unified Communications Software 5.0.2 Polycom Unified Communications Software 5.1.1 Polycom Unified Communications Software 5.1.2 Polycom Unified Communications Software 5.1.3 Polycom Unified Communications Software 5.2.0 Polycom Unified Communications Software 5.2.3 Polycom Unified Communications Software 5.2.4 Polycom Unified Communications Software 5.2.5 Polycom Unified Communications Software 5.3.0 Polycom Unified Communications Software 5.3.1 Polycom Unified Communications Software 5.3.2 Polycom Unified Communications Software 5.3.3 Polycom Unified Communications Software 5.4.0 Polycom Unified Communications Software 5.4.0.5841 Polycom Unified Communications Software 5.4.0.10182 Polycom Unified Communications Software 5.4.1 Polycom Unified Communications Software 5.4.2 Polycom Unified Communications Software 5.4.3 Polycom Unified Communications Software 5.4.4 Polycom Unified Communications Software 5.4.5 Polycom Unified Communications Software 5.4.6 Polycom Unified Communications Software 5.4.7 Polycom Unified Communications Software 5.5.0 Polycom Unified Communications Software 5.5.1 Polycom Unified Communications Software 5.5.2 Polycom Unified Communications Software 5.5.3 Polycom Unified Communications Software 5.5.4 Polycom Unified Communications Software 5.6.0 Polycom Unified Communications Software 5.6.1 Polycom Unified Communications Software 5.6.2 Polycom Unified Communications Software 5.6.2.1593 Polycom Unified Communications Software 5.6.4.1088 Polycom Unified Communications Software 5.7.0.14430 Polycom Unified Communications Software 5.7.2.1765 Polycom Unified Communications Software 5.7.3.1797 Polycom Unified Communications Software 5.7.4.0922 Polycom Unified Communications Software 5.8.0.12848 Polycom Unified Communications Software 5.9.3 Polycom Unified Communications Software 6.0.0 Polycom United Communications Software *	56
Hardware	Polycom Polycom C12 - Polycom C16 - Polycom C8 - Polycom Vvx150 - Polycom Vvx201 - Polycom Vvx250 - Polycom Vvx301 - Polycom Vvx311 - Polycom Vvx350 - Polycom Vvx401 - Polycom Vvx411 - Polycom Vvx450 - Polycom Vvx501 - Polycom Vvx601 - Polycom Trio 8500 - Polycom Trio 8800 - Polycom Soundpoint IP 300 - Polycom Soundpoint IP 301 - Polycom Soundpoint IP 320 - Polycom Soundpoint IP 321 - Polycom Soundpoint IP 330 - Polycom Soundpoint IP 331 - Polycom Soundpoint IP 335 - Polycom Soundpoint IP 430 - Polycom Soundpoint IP 450 - Polycom Soundpoint IP 500 - Polycom Soundpoint IP 501 - Polycom Soundpoint IP 550 - Polycom Soundpoint IP 560 - Polycom Soundpoint IP 600 - Polycom Soundpoint IP 601 - Polycom Soundpoint IP 650 - Polycom Soundpoint IP 670 - Polycom Soundpoint PRO SE 220 - Polycom Soundpoint PRO SE 225 - Polycom Soundstation DUO - Polycom Soundstation IP 4000 - Polycom Soundstation IP 5000 - Polycom Soundstation IP 6000 - Polycom Soundstation IP 7000 - Polycom Soundstation IP 7000 Video Integration - Polycom Soundstation VTX 1000 - Polycom Soundstation2 - Polycom Soundstation2 Avaya 2490 - Polycom Soundstation2 Direct Connect FOR Nortel - Polycom Soundstation2W - Polycom Vvx300 - Polycom Vvx310 - Polycom Vvx400 - Polycom Vvx410 - Polycom Vvx500 - Polycom Vvx600 -	52

Common Weakness Enumeration (CWE)

CWE-749 - Exposed Dangerous Method or Function

References

https://support.polycom.com/content/dam/polycom-support/global/documentation/remote-code-execution-vulnerability-in-ucs-software-v1-1.pdf