Known Vulnerabilities for products from Polycom
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Polycom".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Additional devices specifications by Polycom can be found at device.report : Polycom
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2021-41322 | Poly VVX 400/410 5.3.1 allows low-privileged users to change the Admin password by modifying a POST parameter to 120 during t... | 8.8 - HIGH | 2021-10-04 | 2023-08-08 |
| CVE-2019-14259 | On the Polycom Obihai Obi1022 VoIP phone with firmware 5.1.11, a command injection (missing input validation) issue in the NT... | 8 - HIGH | 2019-08-01 | 2020-08-24 |
| CVE-2019-12948 | A vulnerability in the web-based management interface of VVX, Trio, SoundStructure, SoundPoint, and SoundStation phones runni... | 8.3 - HIGH | 2019-07-29 | 2019-08-06 |
| CVE-2019-11355 | An issue was discovered in Poly (formerly Polycom) HDX 3.1.13. A feature exists that allows the creation of a server / client... | 7.2 - HIGH | 2020-03-12 | 2020-03-18 |
| CVE-2019-10689 | VVX products using UCS software version 5.9.2 and earlier with Better Together over Ethernet Connector (BToE) application ver... | 6.5 - MEDIUM | 2019-06-24 | 2019-06-27 |
| CVE-2019-10688 | VVX products with software versions including and prior to, UCS 5.9.2 with Better Together over Ethernet Connector (BToE) app... | 6.8 - MEDIUM | 2019-04-23 | 2019-06-17 |
| CVE-2018-18568 | Polycom VVX 500 and 601 devices 5.8.0.12848 and earlier allows man-in-the-middle attackers to obtain sensitive credential inf... | 5.9 - MEDIUM | 2018-10-24 | 2021-06-15 |
| CVE-2018-18566 | The SIP service in Polycom VVX 500 and 601 devices 5.8.0.12848 and earlier allow remote attackers to obtain sensitive phone c... | 5.3 - MEDIUM | 2018-10-24 | 2021-06-15 |
| CVE-2018-15128 | An issue was discovered in Polycom Group Series 6.1.6.1 and earlier, HDX 3.1.12 and earlier, and Pano 1.1.1 and earlier. A re... | 9.8 - CRITICAL | 2019-05-13 | 2019-05-14 |
| CVE-2018-14935 | The Web administration console on Polycom Trio devices with software before 5.5.4 has XSS. | 6.1 - MEDIUM | 2018-11-15 | 2018-12-17 |
| CVE-2018-14934 | The Bluetooth subsystem on Polycom Trio devices with software before 5.5.4 has Incorrect Access Control. An attacker can conn... | 6.5 - MEDIUM | 2018-11-15 | 2019-10-03 |
| CVE-2018-12592 | Polycom RealPresence Web Suite before 2.2.0 does not block a user's video for a few seconds upon joining a meeting (when the ... | 7.5 - HIGH | 2018-06-20 | 2018-08-23 |
| CVE-2018-10947 | An issue was discovered in versions earlier than 1.3.2 for Polycom RealPresence Debut where the admin cookie is reset only af... | 3.1 - LOW | 2019-06-13 | 2019-06-17 |
| CVE-2018-10946 | An issue was discovered in versions earlier than 1.3.0-66872 for Polycom RealPresence Debut that allows attackers to arbitrar... | 6.8 - MEDIUM | 2019-06-13 | 2020-08-24 |
| CVE-2018-7565 | CSRF exists on Polycom QDX 6000 devices. | 8.8 - HIGH | 2018-03-07 | 2018-03-26 |
| CVE-2018-7564 | Stored XSS exists on Polycom QDX 6000 devices. | 6.1 - MEDIUM | 2018-03-07 | 2018-03-26 |
| CVE-2017-12857 | Polycom SoundStation IP, VVX, and RealPresence Trio that are running software older than UCS 4.0.12, 5.4.5 rev AG, 5.4.7, 5.5... | 8.8 - HIGH | 2017-08-25 | 2017-09-13 |
| CVE-2015-8300 | Polycom BToE Connector before 3.0.0 uses weak permissions (Everyone: Full Control) for "Program Files (x86)\polycom\polycom b... | 7.8 - HIGH | 2017-08-28 | 2018-09-26 |
| CVE-2015-4685 | Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows local users with access to the plcm account to gain privil... | 7 - HIGH | 2017-09-19 | 2018-10-09 |
| CVE-2015-4684 | Multiple directory traversal vulnerabilities in Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allow (1) remote ... | 6.5 - MEDIUM | 2017-09-19 | 2018-10-09 |
Known software with vulnerabilities from Polycom
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Polycom | Better Together Over Ethernet Connector | 3.7.0 |
| Application | Polycom | Cma System Software | 5.2.0j |
| Hardware | Polycom | Converged Management Application 4000 | - |
| Hardware | Polycom | Converged Management Application 5000 | - |
| Application | Polycom | Datastore | 5.22.109.0 |
| Hardware | Polycom | Distributed Media Application 7000 | - |
| Application | Polycom | Dma System Software | 2.1.0j |
| Application | Polycom | Global Management System | 7.0.0 |
| Application | Polycom | Group Series | 4.0.0 |
| Application | Polycom | Hdx | - |
| Hardware | Polycom | Hdx 4002 | - |
| Hardware | Polycom | Hdx 4500 | - |
| Hardware | Polycom | Hdx 6000 | - |
| Hardware | Polycom | Hdx 7001 | - |
| Hardware | Polycom | Hdx 7002 | - |
| Hardware | Polycom | Hdx 8000 | - |
| Hardware | Polycom | Hdx 8002 | - |
| Hardware | Polycom | Hdx 8004 | - |
| Hardware | Polycom | Hdx 8006 | - |
| Hardware | Polycom | Hdx 9002 | - |