CVE-2021-41322

Опубликовано: 04 окт. 2021

Источник: nvd

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

Poly VVX 400/410 5.3.1 allows low-privileged users to change the Admin password by modifying a POST parameter to 120 during the password reset process.

Ссылки

https://packetstormsecurity.com/files/140753/Polycom-VVX-Web-Interface-Privilege-Escalation.html
Exploit
Third Party Advisory
VDB Entry
https://support.polycom.com/content/support.html
Vendor Advisory
https://packetstormsecurity.com/files/140753/Polycom-VVX-Web-Interface-Privilege-Escalation.html
Exploit
Third Party Advisory
VDB Entry
https://support.polycom.com/content/support.html
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:polycom:vvx_400_firmware:5.3.1:*:*:*:*:*:*:*

cpe:2.3:h:polycom:vvx_400:-:*:*:*:*:*:*:*

Конфигурация 2

Одновременно

cpe:2.3:o:polycom:vvx_410_firmware:5.3.1:*:*:*:*:*:*:*

cpe:2.3:h:polycom:vvx_410:-:*:*:*:*:*:*:*

EPSS

Процентиль: 66%

0.00525

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-77p3-pmfw-vf6v