Vulnerabilities > Polycom > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-10-04 | CVE-2021-41322 | Unspecified vulnerability in Polycom VVX 400 Firmware and VVX 410 Firmware Poly VVX 400/410 5.3.1 allows low-privileged users to change the Admin password by modifying a POST parameter to 120 during the password reset process. | 8.8 |
2019-08-01 | CVE-2019-14259 | OS Command Injection vulnerability in Polycom Obihai Obi1022 Firmware 5.1.11 On the Polycom Obihai Obi1022 VoIP phone with firmware 5.1.11, a command injection (missing input validation) issue in the NTP server IP address field for the "Time Service Settings web" interface allows an authenticated remote attacker in the same network to trigger OS commands via shell commands in a POST request. | 7.7 |
2017-09-19 | CVE-2015-4683 | Permissions, Privileges, and Access Controls vulnerability in Polycom Realpresence Resource Manager Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows attackers to obtain sensitive information and potentially gain privileges by leveraging use of session identifiers as parameters with HTTP GET requests. | 7.5 |
2017-09-19 | CVE-2015-4681 | Credentials Management vulnerability in Polycom Realpresence Resource Manager Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows local users to have unspecified impact via vectors related to weak passwords. | 7.2 |
2017-08-28 | CVE-2015-8300 | Permission Issues vulnerability in Polycom Btoe Connector Polycom BToE Connector before 3.0.0 uses weak permissions (Everyone: Full Control) for "Program Files (x86)\polycom\polycom btoe connector\plcmbtoesrv.exe," which allows local users to gain privileges via a Trojan horse file. | 7.2 |
2006-10-11 | CVE-2006-5233 | Denial Of Service vulnerability in Polycom Soundpoint IP 301 1.4.1.0040 Polycom SoundPoint IP 301 VoIP Desktop Phone, firmware version 1.4.1.0040, allows remote attackers to cause a denial of service (reboot) via (1) a long URL sent to the HTTP daemon and (2) unspecified manipulations as demonstrated by the Nessus http_fingerprinting_hmap.nasl script. | 7.8 |
2003-01-07 | CVE-2002-0628 | Improper Restriction of Excessive Authentication Attempts vulnerability in Polycom products The Telnet service for Polycom ViewStation before 7.2.4 does not restrict the number of failed login attempts, which makes it easier for remote attackers to guess usernames and passwords via a brute force attack. | 7.5 |