Severity by source
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionCVE.org
In certain scenarios when the admin has enabled Interactive Connectivity Establishment (ICE), a buffer overflow could enable remote code execution on Poly Voice products on the Linux platform.
AnalysisAI
Remote code execution in Poly Voice products on Linux is possible through a stack-based buffer overflow reachable when administrators enable Interactive Connectivity Establishment (ICE). Unauthenticated network attackers can trigger the flaw without user interaction, and no public exploit has been identified at time of analysis. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | The administrator must have explicitly enabled the Interactive Connectivity Establishment (ICE) feature on the Poly Voice device - this is the AT:P attack requirement encoded in the CVSS vector and is the gating precondition. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 4.0 vector (AV:N/AC:L/AT:P/PR:N/UI:N) and high VC/VI/VA scores describe an unauthenticated, low-complexity network attack with full system impact, which maps to a critical exposure for any Poly Voice device reachable from an attacker-controlled network. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker reachable on the network sends a malformed ICE candidate exchange to a Poly Voice endpoint that has ICE enabled, overflowing a stack buffer in the signaling parser and overwriting the return address to redirect execution into attacker-controlled shellcode. Because the flaw is pre-authentication and requires no user interaction, an external attacker who can route packets to the device's media/signaling port could pivot from a single crafted packet to full code execution on the Linux-based phone. … |
| Remediation | Apply the firmware update referenced in HP advisory HPSBPY04083 at https://support.hp.com/us-en/document/ish_15052661-15052687-16/hpsbpy04083 - exact fixed firmware version is not stated in the supplied intelligence, so verify the target build against the vendor advisory before deployment. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
WITHIN 24 HOURS: Identify all Poly Voice systems on Linux with ICE enabled; prioritize those with external network exposure; disable ICE if operationally feasible or implement immediate network isolation; contact vendor for patch timeline. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-121 – Stack-based Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-33658
GHSA-7v6x-2q5v-c59f