Vulnerabilities > Polycom > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-10-04 | CVE-2021-41322 | Unspecified vulnerability in Polycom VVX 400 Firmware and VVX 410 Firmware Poly VVX 400/410 5.3.1 allows low-privileged users to change the Admin password by modifying a POST parameter to 120 during the password reset process. | 8.8 |
| 2020-03-12 | CVE-2019-11355 | OS Command Injection vulnerability in Polycom HDX System Software An issue was discovered in Poly (formerly Polycom) HDX 3.1.13. | 7.2 |
| 2020-01-28 | CVE-2012-6610 | OS Command Injection vulnerability in Polycom HDX Video END Points and UC APL Polycom HDX Video End Points before 3.0.4 and UC APL before 2.7.1.J allows remote authenticated users to execute arbitrary commands as demonstrated by a ; (semicolon) to the ping command feature. | 8.8 |
| 2020-01-28 | CVE-2012-6609 | Path Traversal vulnerability in Polycom HDX Video END Points and UC APL Directory traversal vulnerability in a_getlog.cgi in Polycom HDX Video End Points before 3.0.4 and UC APL before 2.7.1.J allows remote attackers to read arbitrary files via a .. | 7.5 |
| 2019-08-01 | CVE-2019-14259 | OS Command Injection vulnerability in Polycom Obihai Obi1022 Firmware 5.1.11 On the Polycom Obihai Obi1022 VoIP phone with firmware 5.1.11, a command injection (missing input validation) issue in the NTP server IP address field for the "Time Service Settings web" interface allows an authenticated remote attacker in the same network to trigger OS commands via shell commands in a POST request. | 8.0 |
| 2019-07-29 | CVE-2019-12948 | Exposed Dangerous Method or Function vulnerability in Polycom Unified Communications Software A vulnerability in the web-based management interface of VVX, Trio, SoundStructure, SoundPoint, and SoundStation phones running Polycom UC Software, if exploited, could allow an authenticated, remote attacker with admin privileges to cause a denial of service (DoS) condition or execute arbitrary code. | 8.3 |
| 2018-06-20 | CVE-2018-12592 | Information Exposure vulnerability in Polycom Realpresence web Suite Polycom RealPresence Web Suite before 2.2.0 does not block a user's video for a few seconds upon joining a meeting (when the user has explicitly chosen to turn off the video using a specific option). | 7.5 |
| 2018-03-07 | CVE-2018-7565 | Cross-Site Request Forgery (CSRF) vulnerability in Polycom QDX 6000 Firmware CSRF exists on Polycom QDX 6000 devices. | 8.8 |
| 2017-09-19 | CVE-2015-4685 | Permissions, Privileges, and Access Controls vulnerability in Polycom Realpresence Resource Manager Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows local users with access to the plcm account to gain privileges via a script in /var/polycom/cma/upgrade/scripts, related to a sudo misconfiguration. | 7.0 |
| 2017-09-19 | CVE-2015-4681 | Credentials Management vulnerability in Polycom Realpresence Resource Manager Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows local users to have unspecified impact via vectors related to weak passwords. | 7.8 |