PolycomCVEs & Vulnerabilities

39 CVEs affecting Polycom products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

hdx system software 16viewstation mp 10viewstation dcp 10viewstation h.323 10viewstation 512 10viewstation 128 10viewstation sp 384 10viewstation v.35 10
CVE-2021-41322HIGH

Poly VVX 400/410 5.3.1 allows low-privileged users to change the Admin password by modifying a POST parameter to 120 during the password reset process.

4 Oct 2021
8.8
CVSS
CVE-2019-11355HIGH

An issue was discovered in Poly (formerly Polycom) HDX 3.1.13. A feature exists that allows the creation of a server / client certificate, or the upload of the user certificate, on the administrator's page. The value received from the user is the factor value of a shell script on the equipment. By entering a special character (such as a single quote) in a CN or other CSR field, one can insert a command into a factor value. A system command can be executed as root.

13 Mar 2020
7.2
CVSS
CVE-2012-6611CRITICAL

An issue was discovered in Polycom Web Management Interface G3/HDX 8000 HD with Durango 2.6.0 4740 software and embedded Polycom Linux Development Platform 2.14.g3. It has a blank administrative password by default, and can be successfully used without setting this password.

10 Feb 2020
9.8
CVSS
CVE-2012-6610HIGH

Polycom HDX Video End Points before 3.0.4 and UC APL before 2.7.1.J allows remote authenticated users to execute arbitrary commands as demonstrated by a ; (semicolon) to the ping command feature.

28 Jan 2020
8.8
CVSS
CVE-2012-6609HIGH

Directory traversal vulnerability in a_getlog.cgi in Polycom HDX Video End Points before 3.0.4 and UC APL before 2.7.1.J allows remote attackers to read arbitrary files via a .. (dot dot) in the name parameter.

28 Jan 2020
7.5
CVSS
CVE-2019-14259HIGH

On the Polycom Obihai Obi1022 VoIP phone with firmware 5.1.11, a command injection (missing input validation) issue in the NTP server IP address field for the "Time Service Settings web" interface allows an authenticated remote attacker in the same network to trigger OS commands via shell commands in a POST request.

1 Aug 2019
8.0
CVSS
CVE-2019-12948HIGH

A vulnerability in the web-based management interface of VVX, Trio, SoundStructure, SoundPoint, and SoundStation phones running Polycom UC Software, if exploited, could allow an authenticated, remote attacker with admin privileges to cause a denial of service (DoS) condition or execute arbitrary code.

29 Jul 2019
8.3
CVSS
CVE-2019-10689MEDIUM

VVX products using UCS software version 5.9.2 and earlier with Better Together over Ethernet Connector (BToE) application version 3.9.1 and earlier provides insufficient authentication between the BToE application and the BToE component, resulting in leakage of sensitive information.

25 Jun 2019
6.5
CVSS
CVE-2018-10947LOW

An issue was discovered in versions earlier than 1.3.2 for Polycom RealPresence Debut where the admin cookie is reset only after a Debut is rebooted.

13 Jun 2019
3.1
CVSS
CVE-2018-10946MEDIUM

An issue was discovered in versions earlier than 1.3.0-66872 for Polycom RealPresence Debut that allows attackers to arbitrarily read the admin user's password via the admin web UI.

13 Jun 2019
6.8
CVSS
CVE-2018-15128CRITICAL

An issue was discovered in Polycom Group Series 6.1.6.1 and earlier, HDX 3.1.12 and earlier, and Pano 1.1.1 and earlier. A remote code execution vulnerability exists in the content sharing functionality because of a Buffer Overflow via crafted packets.

13 May 2019
9.8
CVSS
CVE-2019-10688MEDIUM

VVX products with software versions including and prior to, UCS 5.9.2 with Better Together over Ethernet Connector (BToE) application 3.9.1, use hard-coded credentials to establish connections between the host application and the device.

24 Apr 2019
6.8
CVSS
CVE-2018-14935MEDIUM

The Web administration console on Polycom Trio devices with software before 5.5.4 has XSS.

15 Nov 2018
6.1
CVSS
CVE-2018-14934MEDIUM

The Bluetooth subsystem on Polycom Trio devices with software before 5.5.4 has Incorrect Access Control. An attacker can connect without authentication and subsequently record audio from the device microphone.

15 Nov 2018
6.5
CVSS
CVE-2018-18568MEDIUM

Polycom VVX 500 and 601 devices 5.8.0.12848 and earlier allows man-in-the-middle attackers to obtain sensitive credential information by leveraging failure to validate X.509 certificates when used with an on-premise installation with Skype for Business.

25 Oct 2018
5.9
CVSS
CVE-2018-18566MEDIUM

The SIP service in Polycom VVX 500 and 601 devices 5.8.0.12848 and earlier allow remote attackers to obtain sensitive phone configuration information by leveraging use with an on-premise installation with Skype for Business.

25 Oct 2018
5.3
CVSS
CVE-2018-12592HIGH

Polycom RealPresence Web Suite before 2.2.0 does not block a user's video for a few seconds upon joining a meeting (when the user has explicitly chosen to turn off the video using a specific option). During those seconds, a meeting invitee may unknowingly be on camera with other participants able to view.

20 Jun 2018
7.5
CVSS
CVE-2018-7565HIGH

CSRF exists on Polycom QDX 6000 devices.

7 Mar 2018
8.8
CVSS
CVE-2018-7564MEDIUM

Stored XSS exists on Polycom QDX 6000 devices.

7 Mar 2018
6.1
CVSS
CVE-2015-4685HIGHpoc

Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows local users with access to the plcm account to gain privileges via a script in /var/polycom/cma/upgrade/scripts, related to a sudo misconfiguration.

19 Sep 2017
7.0
CVSS
CVE-2015-4684MEDIUMpoc

Multiple directory traversal vulnerabilities in Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allow (1) remote authenticated users to read arbitrary files via a .. (dot dot) in the Modifier parameter to PlcmRmWeb/FileDownload; or remote authenticated administrators to upload arbitrary files via the (2) Filename or (3) SE_FNAME parameter to PlcmRmWeb/FileUpload or to read and remove arbitrary files via the (4) filePathName parameter in an importSipUriReservations SOAP request to PlcmRmWeb/JUserManager.

19 Sep 2017
6.5
CVSS
CVE-2015-4683CRITICALpoc

Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows attackers to obtain sensitive information and potentially gain privileges by leveraging use of session identifiers as parameters with HTTP GET requests.

19 Sep 2017
9.8
CVSS
CVE-2015-4682MEDIUMpoc

Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows remote authenticated users to obtain the installation path via an HTTP POST request to PlcmRmWeb/JConfigManager.

19 Sep 2017
6.5
CVSS
CVE-2015-4681HIGHpoc

Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows local users to have unspecified impact via vectors related to weak passwords.

19 Sep 2017
7.8
CVSS
CVE-2015-8300HIGH

Polycom BToE Connector before 3.0.0 uses weak permissions (Everyone: Full Control) for "Program Files (x86)\polycom\polycom btoe connector\plcmbtoesrv.exe," which allows local users to gain privileges via a Trojan horse file.

29 Aug 2017
7.8
CVSS
CVE-2017-12857HIGH

Polycom SoundStation IP, VVX, and RealPresence Trio that are running software older than UCS 4.0.12, 5.4.5 rev AG, 5.4.7, 5.5.2, or 5.6.0 are affected by a vulnerability in their UCS web application. This vulnerability could allow an authenticated remote attacker to read a segment of the phone's memory which could contain an administrator's password or other sensitive information.

25 Aug 2017
8.8
CVSS
CVE-2015-1516LOW

Cross-site scripting (XSS) vulnerability in Polycom RealPresence CloudAXIS Suite before 1.7.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

3 Sep 2015
3.5
CVSS
CVE-2012-4970MEDIUM

Cross-site scripting (XSS) vulnerability in the web management interface on Polycom HDX Video End Points with UC APL software before 2.7.1.1_J, and commercial software before 3.0.5, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

1 Jan 2013
4.3
CVSS
CVE-2007-3368HIGH

Buffer overflow in the HTTP server on the Polycom SoundPoint IP 601 SIP phone with BootROM 3.0.x+ allows remote attackers to cause a denial of service (device reboot) via a malformed CGI parameter.

22 Jun 2007
7.8
CVSS
CVE-2007-3369HIGH

Buffer overflow in the Polycom SoundPoint IP 601 SIP phone with BootROM 3.0.x+ and SIP version 1.6.3.0067 allows remote attackers to cause a denial of service (device hang or reboot) via an INVITE message with a long Via header.

22 Jun 2007
7.8
CVSS
CVE-2006-5233HIGH

Polycom SoundPoint IP 301 VoIP Desktop Phone, firmware version 1.4.1.0040, allows remote attackers to cause a denial of service (reboot) via (1) a long URL sent to the HTTP daemon and (2) unspecified manipulations as demonstrated by the Nessus http_fingerprinting_hmap.nasl script.

11 Oct 2006
7.8
CVSS
CVE-2003-0556MEDIUM

Polycom MGC 25 allows remote attackers to cause a denial of service (crash) via a large number of "user" requests to the control port 5003, as demonstrated using the blast TCP stress tester.

18 Aug 2003
5.0
CVSS
CVE-2002-0626CRITICAL

Polycom ViewStation before 7.2.4 has a default null password for the administrator account, which allows arbitrary users to conduct unauthorized activities.

7 Jan 2003
10.0
CVSS
CVE-2002-0627HIGH

The Web server for Polycom ViewStation before 7.2.4 allows remote attackers to bypass authentication and read files via Unicode encoded requests.

7 Jan 2003
7.5
CVSS
CVE-2002-0628HIGH

The Telnet service for Polycom ViewStation before 7.2.4 does not restrict the number of failed login attempts, which makes it easier for remote attackers to guess usernames and passwords via a brute force attack.

7 Jan 2003
7.5
CVSS
CVE-2002-0629MEDIUM

The Telnet service for Polycom ViewStation before 7.2.4 allows remote attackers to cause a denial of service (crash) via multiple connections to the server.

7 Jan 2003
5.0
CVSS
CVE-2002-0630MEDIUM

The Telnet service for Polycom ViewStation before 7.2.4 allows remote attackers to cause a denial of service (crash) via long or malformed ICMP packets.

7 Jan 2003
5.0
CVSS
CVE-2002-1906MEDIUMpoc

The web server for Polycom ViaVideo 2.2 and 3.0 allows remote attackers to cause a denial of service (CPU consumption) by sending incomplete HTTP requests and leaving the connections open.

31 Dec 2002
5.0
CVSS
CVE-2002-1905MEDIUMpoc

Buffer overflow in the web server of Polycom ViaVideo 2.2 and 3.0 allows remote attackers to cause a denial of service (crash) via a long HTTP GET request.

31 Dec 2002
5.0
CVSS
← PrevPage 1 / 1Next →