Poly Voice EUVD-2026-33658

CVE-2026-0826 CRITICAL
Stack-based Buffer Overflow (CWE-121)
2026-06-01 hp-security-alert@hp.com GHSA-7v6x-2q5v-c59f
9.2
CVSS 4.0 · NVD

Severity by source

NVD PRIMARY
9.2 CRITICAL
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS Vector (NVD)

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: X

Lifecycle Timeline

Patch available: Jun 01, 2026 - 16:01 (EUVD)
Analysis Generated: Jun 01, 2026 - 15:30 (vuln.today)
CVE Published: Jun 01, 2026 - 15:16 (nvd)

Description (CVE.org)

In certain scenarios when the admin has enabled Interactive Connectivity Establishment (ICE), a buffer overflow could enable remote code execution on Poly Voice products on the Linux platform.

Analysis (AI)

Remote code execution in Poly Voice products on Linux is possible through a stack-based buffer overflow reachable when administrators enable Interactive Connectivity Establishment (ICE). Unauthenticated network attackers can trigger the flaw without user interaction, and no public exploit has been identified at time of analysis. …

Attack Chain (AI, derived)

Hypothetical attack flow derived from CVE metadata

Access: Identify ICE-enabled Poly Voice endpoint
Delivery: Send crafted ICE candidate packet
Exploit: Overflow stack buffer in parser
Execution: Overwrite saved return address
Persist: Execute shellcode as service process
Impact: Pivot into VoIP network

Vulnerability Assessment (AI)

Exploitation: The administrator must have explicitly enabled the Interactive Connectivity Establishment (ICE) feature on the Poly Voice device - this is the AT:P attack requirement encoded in the CVSS vector and is the gating precondition. …

Risk Assessment: The CVSS 4.0 vector (AV:N/AC:L/AT:P/PR:N/UI:N) and high VC/VI/VA scores describe an unauthenticated, low-complexity network attack with full system impact, which maps to a critical exposure for any Poly Voice device reachable from an attacker-controlled network. …

Exploit Scenario: An attacker reachable on the network sends a malformed ICE candidate exchange to a Poly Voice endpoint that has ICE enabled, overflowing a stack buffer in the signaling parser and overwriting the return address to redirect execution into attacker-controlled shellcode. Because the flaw is pre-authentication and requires no user interaction, an external attacker who can route packets to the device's media/signaling port could pivot from a single crafted packet to full code execution on the Linux-based phone. …

Remediation: Apply the firmware update referenced in HP advisory HPSBPY04083 at https://support.hp.com/us-en/document/ish_15052661-15052687-16/hpsbpy04083 - exact fixed firmware version is not stated in the supplied intelligence, so verify the target build against the vendor advisory before deployment. …

Recommended Action (AI)

WITHIN 24 HOURS: Identify all Poly Voice systems on Linux with ICE enabled; prioritize those with external network exposure; disable ICE if operationally feasible or implement immediate network isolation; contact vendor for patch timeline. …
