Vulnerabilities > Polycom > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR | COMPLEXITY | TAGS | RISK |
|---|---|---|---|---|---|---|---|
| 2021-10-04 | CVE-2021-41322 | Unspecified vulnerability in Polycom VVX 400 Firmware and VVX 410 Firmware | Poly VVX 400/410 5.3.1 allows low-privileged users to change the Admin password by modifying a POST parameter to 120 during the password reset process. | network | low complexity | polycom | 8.8 |
| 2019-08-01 | CVE-2019-14259 | OS Command Injection vulnerability in Polycom Obihai Obi1022 Firmware 5.1.11 | On the Polycom Obihai Obi1022 VoIP phone with firmware 5.1.11, a command injection (missing input validation) issue in the NTP server IP address field for the "Time Service Settings web" interface allows an authenticated remote attacker in the same network to trigger OS commands via shell commands in a POST request. | | low complexity | polycom CWE-78 | 7.7 |
| 2017-09-19 | CVE-2015-4683 | Permissions, Privileges, and Access Controls vulnerability in Polycom Realpresence Resource Manager | Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows attackers to obtain sensitive information and potentially gain privileges by leveraging use of session identifiers as parameters with HTTP GET requests. | network | low complexity | polycom CWE-264 | 7.5 |
| 2017-09-19 | CVE-2015-4681 | Credentials Management vulnerability in Polycom Realpresence Resource Manager | Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows local users to have unspecified impact via vectors related to weak passwords. | local | low complexity | polycom CWE-255 | 7.2 |
| 2017-08-28 | CVE-2015-8300 | Permission Issues vulnerability in Polycom Btoe Connector | Polycom BToE Connector before 3.0.0 uses weak permissions (Everyone: Full Control) for "Program Files (x86)\polycom\polycom btoe connector\plcmbtoesrv.exe," which allows local users to gain privileges via a Trojan horse file. | local | low complexity | polycom CWE-275 | 7.2 |
| 2006-10-11 | CVE-2006-5233 | Denial Of Service vulnerability in Polycom Soundpoint IP 301 1.4.1.0040 | Polycom SoundPoint IP 301 VoIP Desktop Phone, firmware version 1.4.1.0040, allows remote attackers to cause a denial of service (reboot) via (1) a long URL sent to the HTTP daemon and (2) unspecified manipulations as demonstrated by the Nessus http_fingerprinting_hmap.nasl script. | network | low complexity | polycom | 7.8 |
| 2003-01-07 | CVE-2002-0628 | Improper Restriction of Excessive Authentication Attempts vulnerability in Polycom products | The Telnet service for Polycom ViewStation before 7.2.4 does not restrict the number of failed login attempts, which makes it easier for remote attackers to guess usernames and passwords via a brute force attack. | network | low complexity | polycom CWE-307 | 7.5 |