Skip to main content

Unified Communications Software

6 CVEs product

Monthly

CVE-2019-12948 HIGH This Week

A vulnerability in the web-based management interface of VVX, Trio, SoundStructure, SoundPoint, and SoundStation phones running Polycom UC Software, if exploited, could allow an authenticated, remote. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service RCE Unified Communications Software United Communications Software
NVD
CVSS 3.0
8.3
EPSS
1.7%
CVE-2019-10689 MEDIUM This Month

VVX products using UCS software version 5.9.2 and earlier with Better Together over Ethernet Connector (BToE) application version 3.9.1 and earlier provides insufficient authentication between the. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Better Together Over Ethernet Connector Unified Communications Software
NVD
CVSS 3.0
6.5
EPSS
0.7%
CVE-2019-10688 MEDIUM This Month

VVX products with software versions including and prior to, UCS 5.9.2 with Better Together over Ethernet Connector (BToE) application 3.9.1, use hard-coded credentials to establish connections. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Unified Communications Software Better Together Over Ethernet Connector
NVD
CVSS 3.0
6.8
EPSS
0.3%
CVE-2018-18568 MEDIUM POC This Month

Polycom VVX 500 and 601 devices 5.8.0.12848 and earlier allows man-in-the-middle attackers to obtain sensitive credential information by leveraging failure to validate X.509 certificates when used. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Unified Communications Software Vvx 601 Firmware Vvx 500 Firmware
NVD
CVSS 3.1
5.9
EPSS
0.7%
CVE-2018-18566 MEDIUM POC This Month

The SIP service in Polycom VVX 500 and 601 devices 5.8.0.12848 and earlier allow remote attackers to obtain sensitive phone configuration information by leveraging use with an on-premise installation. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Unified Communications Software Vvx 601 Firmware Vvx 500 Firmware
NVD
CVSS 3.1
5.3
EPSS
2.8%
CVE-2017-12857 HIGH This Week

Polycom SoundStation IP, VVX, and RealPresence Trio that are running software older than UCS 4.0.12, 5.4.5 rev AG, 5.4.7, 5.5.2, or 5.6.0 are affected by a vulnerability in their UCS web application. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Unified Communications Software
NVD
CVSS 3.0
8.8
EPSS
0.3%
EPSS 2% CVSS 8.3
HIGH This Week

A vulnerability in the web-based management interface of VVX, Trio, SoundStructure, SoundPoint, and SoundStation phones running Polycom UC Software, if exploited, could allow an authenticated, remote. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service RCE Unified Communications Software +1
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

VVX products using UCS software version 5.9.2 and earlier with Better Together over Ethernet Connector (BToE) application version 3.9.1 and earlier provides insufficient authentication between the. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Better Together Over Ethernet Connector Unified Communications Software
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

VVX products with software versions including and prior to, UCS 5.9.2 with Better Together over Ethernet Connector (BToE) application 3.9.1, use hard-coded credentials to establish connections. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Unified Communications Software Better Together Over Ethernet Connector
NVD
EPSS 1% CVSS 5.9
MEDIUM POC This Month

Polycom VVX 500 and 601 devices 5.8.0.12848 and earlier allows man-in-the-middle attackers to obtain sensitive credential information by leveraging failure to validate X.509 certificates when used. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Unified Communications Software Vvx 601 Firmware +1
NVD
EPSS 3% CVSS 5.3
MEDIUM POC This Month

The SIP service in Polycom VVX 500 and 601 devices 5.8.0.12848 and earlier allow remote attackers to obtain sensitive phone configuration information by leveraging use with an on-premise installation. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Unified Communications Software Vvx 601 Firmware +1
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Polycom SoundStation IP, VVX, and RealPresence Trio that are running software older than UCS 4.0.12, 5.4.5 rev AG, 5.4.7, 5.5.2, or 5.6.0 are affected by a vulnerability in their UCS web application. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Unified Communications Software
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy