CVE-2018-10946

Опубликовано: 13 июн. 2019

Источник: nvd

CVSS3: 6.8

CVSS2: 2.7

EPSS Низкий

Описание

An issue was discovered in versions earlier than 1.3.0-66872 for Polycom RealPresence Debut that allows attackers to arbitrarily read the admin user's password via the admin web UI.

Ссылки

https://support.polycom.com/PolycomService/home/home.htm
Vendor Advisory
https://support.polycom.com/content/dam/polycom-support/global/documentation/advisory-rp-debut-vulnerabilities.pdf
Vendor Advisory
https://support.polycom.com/PolycomService/home/home.htm
Vendor Advisory
https://support.polycom.com/content/dam/polycom-support/global/documentation/advisory-rp-debut-vulnerabilities.pdf
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:polycom:realpresence_debut_firmware:*:*:*:*:*:*:*:*

Версия до 1.3.0-66872 (исключая)

cpe:2.3:h:polycom:realpresence_debut:-:*:*:*:*:*:*:*

EPSS

Процентиль: 28%

0.00101

Низкий

6.8 Medium

CVSS3

2.7 Low

CVSS2

Дефекты

CWE-200

Связанные уязвимости

GHSA-g4h5-32g7-8wc2