Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2017-12857

Опубликовано: 25 авг. 2017
Источник: nvd
CVSS3: 8.8
CVSS2: 4
EPSS Низкий

Описание

Polycom SoundStation IP, VVX, and RealPresence Trio that are running software older than UCS 4.0.12, 5.4.5 rev AG, 5.4.7, 5.5.2, or 5.6.0 are affected by a vulnerability in their UCS web application. This vulnerability could allow an authenticated remote attacker to read a segment of the phone's memory which could contain an administrator's password or other sensitive information.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:polycom:unified_communications_software:*:*:*:*:*:*:*:*
Версия до 4.0.11 (включая)
cpe:2.3:h:polycom:soundstation_ip:-:*:*:*:*:*:*:*
Конфигурация 2

Одновременно

Одно из

cpe:2.3:o:polycom:unified_communications_software:*:*:*:*:*:*:*:*
Версия до 5.4.6 (включая)
cpe:2.3:o:polycom:unified_communications_software:*:*:*:*:*:*:*:*
Версия до 5.5.1 (включая)
cpe:2.3:h:polycom:vvx:-:*:*:*:*:*:*:*
Конфигурация 3

Одновременно

cpe:2.3:o:polycom:unified_communications_software:*:*:*:*:*:*:*:*
Версия до 5.4.4 (включая)
cpe:2.3:h:polycom:realpresence_trio:-:*:*:*:*:*:*:*

EPSS

Процентиль: 60%
0.00404
Низкий

8.8 High

CVSS3

4 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

github логотип

GHSA-66pc-jh3g-9256

CVSS3: 8.8
github
больше 3 лет назад

Polycom SoundStation IP, VVX, and RealPresence Trio that are running software older than UCS 4.0.12, 5.4.5 rev AG, 5.4.7, 5.5.2, or 5.6.0 are affected by a vulnerability in their UCS web application. This vulnerability could allow an authenticated remote attacker to read a segment of the phone's memory which could contain an administrator's password or other sensitive information.

EPSS

Процентиль: 60%
0.00404
Низкий

8.8 High

CVSS3

4 Medium

CVSS2

Дефекты

CWE-200