Known Vulnerabilities for products from Polycom
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Polycom".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Additional devices specifications by Polycom can be found at device.report : Polycom
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2021-41322 json | Poly VVX 400/410 5.3.1 allows low-privileged users to change the Admin password by modifying a POST parameter to 120 during t... | 8.8 - HIGH | 2021-10-04 | 2023-08-08 |
| CVE-2019-14259 json | On the Polycom Obihai Obi1022 VoIP phone with firmware 5.1.11, a command injection (missing input validation) issue in the NT... | 8 - HIGH | 2019-08-01 | 2020-08-24 |
| CVE-2019-12948 json | A vulnerability in the web-based management interface of VVX, Trio, SoundStructure, SoundPoint, and SoundStation phones runni... | 8.3 - HIGH | 2019-07-29 | 2019-08-06 |
| CVE-2019-11355 json | An issue was discovered in Poly (formerly Polycom) HDX 3.1.13. A feature exists that allows the creation of a server / client... | 7.2 - HIGH | 2020-03-12 | 2020-03-18 |
| CVE-2019-10689 json | VVX products using UCS software version 5.9.2 and earlier with Better Together over Ethernet Connector (BToE) application ver... | 6.5 - MEDIUM | 2019-06-24 | 2019-06-27 |
| CVE-2019-10688 json | VVX products with software versions including and prior to, UCS 5.9.2 with Better Together over Ethernet Connector (BToE) app... | 6.8 - MEDIUM | 2019-04-23 | 2019-06-17 |
| CVE-2018-18568 json | Polycom VVX 500 and 601 devices 5.8.0.12848 and earlier allows man-in-the-middle attackers to obtain sensitive credential inf... | 5.9 - MEDIUM | 2018-10-24 | 2021-06-15 |
| CVE-2018-18566 json | The SIP service in Polycom VVX 500 and 601 devices 5.8.0.12848 and earlier allow remote attackers to obtain sensitive phone c... | 5.3 - MEDIUM | 2018-10-24 | 2021-06-15 |
| CVE-2018-15128 json | An issue was discovered in Polycom Group Series 6.1.6.1 and earlier, HDX 3.1.12 and earlier, and Pano 1.1.1 and earlier. A re... | 9.8 - CRITICAL | 2019-05-13 | 2019-05-14 |
| CVE-2018-14935 json | The Web administration console on Polycom Trio devices with software before 5.5.4 has XSS. | 6.1 - MEDIUM | 2018-11-15 | 2018-12-17 |
| CVE-2018-14934 json | The Bluetooth subsystem on Polycom Trio devices with software before 5.5.4 has Incorrect Access Control. An attacker can conn... | 6.5 - MEDIUM | 2018-11-15 | 2019-10-03 |
| CVE-2018-12592 json | Polycom RealPresence Web Suite before 2.2.0 does not block a user's video for a few seconds upon joining a meeting (when the ... | 7.5 - HIGH | 2018-06-20 | 2018-08-23 |
| CVE-2018-10947 json | An issue was discovered in versions earlier than 1.3.2 for Polycom RealPresence Debut where the admin cookie is reset only af... | 3.1 - LOW | 2019-06-13 | 2019-06-17 |
| CVE-2018-10946 json | An issue was discovered in versions earlier than 1.3.0-66872 for Polycom RealPresence Debut that allows attackers to arbitrar... | 6.8 - MEDIUM | 2019-06-13 | 2020-08-24 |
| CVE-2018-7565 json | CSRF exists on Polycom QDX 6000 devices. | 8.8 - HIGH | 2018-03-07 | 2018-03-26 |
| CVE-2018-7564 json | Stored XSS exists on Polycom QDX 6000 devices. | 6.1 - MEDIUM | 2018-03-07 | 2018-03-26 |
| CVE-2017-12857 json | Polycom SoundStation IP, VVX, and RealPresence Trio that are running software older than UCS 4.0.12, 5.4.5 rev AG, 5.4.7, 5.5... | 8.8 - HIGH | 2017-08-25 | 2017-09-13 |
| CVE-2015-8300 json | Polycom BToE Connector before 3.0.0 uses weak permissions (Everyone: Full Control) for "Program Files (x86)\polycom\polycom b... | 7.8 - HIGH | 2017-08-28 | 2018-09-26 |
| CVE-2015-4685 json | Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows local users with access to the plcm account to gain privil... | 7 - HIGH | 2017-09-19 | 2018-10-09 |
| CVE-2015-4684 json | Multiple directory traversal vulnerabilities in Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allow (1) remote ... | 6.5 - MEDIUM | 2017-09-19 | 2018-10-09 |
Known software with vulnerabilities from Polycom
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Polycom | Better Together Over Ethernet Connector | 3.7.0 |
| Application | Polycom | Cma System Software | 5.2.0j |
| Hardware | Polycom | Converged Management Application 4000 | - |
| Hardware | Polycom | Converged Management Application 5000 | - |
| Application | Polycom | Datastore | 5.22.109.0 |
| Hardware | Polycom | Distributed Media Application 7000 | - |
| Application | Polycom | Dma System Software | 2.1.0j |
| Application | Polycom | Global Management System | 7.0.0 |
| Application | Polycom | Group Series | 4.0.0 |
| Application | Polycom | Hdx | - |
| Hardware | Polycom | Hdx 4002 | - |
| Hardware | Polycom | Hdx 4500 | - |
| Hardware | Polycom | Hdx 6000 | - |
| Hardware | Polycom | Hdx 7001 | - |
| Hardware | Polycom | Hdx 7002 | - |
| Hardware | Polycom | Hdx 8000 | - |
| Hardware | Polycom | Hdx 8002 | - |
| Hardware | Polycom | Hdx 8004 | - |
| Hardware | Polycom | Hdx 8006 | - |
| Hardware | Polycom | Hdx 9002 | - |