CVE-2019-12948 - Vulnerability Details

A vulnerability in the web-based management interface of VVX, Trio, SoundStructure, SoundPoint, and SoundStation phones running Polycom UC Software, if exploited, could allow an authenticated, remote attacker with admin privileges to cause a denial of service (DoS) condition or execute arbitrary code.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.01194.

Key SSVC decision points have not yet been added.

Vendors	Products
Polycom Subscribe	C12 Subscribe C16 Subscribe C8 Subscribe Soundpoint Ip 300 Subscribe Soundpoint Ip 301 Subscribe Soundpoint Ip 320 Subscribe Soundpoint Ip 321 Subscribe Soundpoint Ip 330 Subscribe Soundpoint Ip 331 Subscribe Soundpoint Ip 335 Subscribe Soundpoint Ip 430 Subscribe Soundpoint Ip 450 Subscribe Soundpoint Ip 500 Subscribe Soundpoint Ip 501 Subscribe Soundpoint Ip 550 Subscribe Soundpoint Ip 560 Subscribe Soundpoint Ip 600 Subscribe Soundpoint Ip 601 Subscribe Soundpoint Ip 650 Subscribe Soundpoint Ip 670 Subscribe Soundpoint Pro Se-220 Subscribe Soundpoint Pro Se-225 Subscribe Soundstation2 Subscribe Soundstation2 Avaya 2490 Subscribe Soundstation2 Direct Connect For Nortel Subscribe Soundstation2w Subscribe Soundstation Duo Subscribe Soundstation Ip 4000 Subscribe Soundstation Ip 5000 Subscribe Soundstation Ip 6000 Subscribe Soundstation Ip 7000 Subscribe Soundstation Ip 7000 Video Integration Subscribe Soundstation Vtx 1000 Subscribe Trio 8500 Subscribe Trio 8800 Subscribe Unified Communications Software Subscribe United Communications Software Subscribe Vvx150 Subscribe Vvx201 Subscribe Vvx250 Subscribe Vvx300 Subscribe Vvx301 Subscribe Vvx310 Subscribe Vvx311 Subscribe Vvx350 Subscribe Vvx400 Subscribe Vvx401 Subscribe Vvx410 Subscribe Vvx411 Subscribe Vvx450 Subscribe Vvx500 Subscribe Vvx501 Subscribe Vvx600 Subscribe Vvx601 Subscribe

Configuration 1 [-]

AND

OR	cpe:2.3:o:polycom:unified_communications_software::::::::
	cpe:2.3:o:polycom:unified_communications_software::::::::
	cpe:2.3:o:polycom:unified_communications_software::::::::

OR	cpe:2.3:h:polycom:c12:-:::::::*
	cpe:2.3:h:polycom:c16:-:::::::*
	cpe:2.3:h:polycom:c8:-:::::::*
	cpe:2.3:h:polycom:vvx150:-:::::::*
	cpe:2.3:h:polycom:vvx201:-:::::::*
	cpe:2.3:h:polycom:vvx250:-:::::::*
	cpe:2.3:h:polycom:vvx301:-:::::::*
	cpe:2.3:h:polycom:vvx311:-:::::::*
	cpe:2.3:h:polycom:vvx350:-:::::::*
	cpe:2.3:h:polycom:vvx401:-:::::::*
	cpe:2.3:h:polycom:vvx411:-:::::::*
	cpe:2.3:h:polycom:vvx450:-:::::::*
	cpe:2.3:h:polycom:vvx501:-:::::::*
	cpe:2.3:h:polycom:vvx601:-:::::::*

Configuration 2 [-]

AND

cpe:2.3:o:polycom:united_communications_software:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:polycom:trio_8500:-:::::::*
	cpe:2.3:h:polycom:trio_8800:-:::::::*

Configuration 3 [-]

AND

cpe:2.3:o:polycom:united_communications_software:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:polycom:soundpoint_ip_300:-:::::::*
	cpe:2.3:h:polycom:soundpoint_ip_301:-:::::::*
	cpe:2.3:h:polycom:soundpoint_ip_320:-:::::::*
	cpe:2.3:h:polycom:soundpoint_ip_321:-:::::::*
	cpe:2.3:h:polycom:soundpoint_ip_330:-:::::::*
	cpe:2.3:h:polycom:soundpoint_ip_331:-:::::::*
	cpe:2.3:h:polycom:soundpoint_ip_335:-:::::::*
	cpe:2.3:h:polycom:soundpoint_ip_430:-:::::::*
	cpe:2.3:h:polycom:soundpoint_ip_450:-:::::::*
	cpe:2.3:h:polycom:soundpoint_ip_500:-:::::::*
	cpe:2.3:h:polycom:soundpoint_ip_501:-:::::::*
	cpe:2.3:h:polycom:soundpoint_ip_550:-:::::::*
	cpe:2.3:h:polycom:soundpoint_ip_560:-:::::::*
	cpe:2.3:h:polycom:soundpoint_ip_600:-:::::::*
	cpe:2.3:h:polycom:soundpoint_ip_601:-:::::::*
	cpe:2.3:h:polycom:soundpoint_ip_650:-:::::::*
	cpe:2.3:h:polycom:soundpoint_ip_670:-:::::::*
	cpe:2.3:h:polycom:soundpoint_pro_se-220:-:::::::*
	cpe:2.3:h:polycom:soundpoint_pro_se-225:-:::::::*
	cpe:2.3:h:polycom:soundstation_duo:-:::::::*
	cpe:2.3:h:polycom:soundstation_ip_4000:-:::::::*
	cpe:2.3:h:polycom:soundstation_ip_5000:-:::::::*
	cpe:2.3:h:polycom:soundstation_ip_6000:-:::::::*
	cpe:2.3:h:polycom:soundstation_ip_7000:-:::::::*
	cpe:2.3:h:polycom:soundstation_ip_7000_video_integration:-:::::::*
	cpe:2.3:h:polycom:soundstation_vtx_1000:-:::::::*
	cpe:2.3:h:polycom:soundstation2:-:::::::*
	cpe:2.3:h:polycom:soundstation2_avaya_2490:-:::::::*
	cpe:2.3:h:polycom:soundstation2_direct_connect_for_nortel:-:::::::*
	cpe:2.3:h:polycom:soundstation2w:-:::::::*

Configuration 4 [-]

AND

OR	cpe:2.3:o:polycom:unified_communications_software::::::::
	cpe:2.3:o:polycom:unified_communications_software::::::::

OR	cpe:2.3:h:polycom:vvx300:-:::::::*
	cpe:2.3:h:polycom:vvx310:-:::::::*
	cpe:2.3:h:polycom:vvx400:-:::::::*
	cpe:2.3:h:polycom:vvx410:-:::::::*
	cpe:2.3:h:polycom:vvx500:-:::::::*
	cpe:2.3:h:polycom:vvx600:-:::::::*

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2019-4524	A vulnerability in the web-based management interface of VVX, Trio, SoundStructure, SoundPoint, and SoundStation phones running Polycom UC Software, if exploited, could allow an authenticated, remote attacker with admin privileges to cause a denial of service (DoS) condition or execute arbitrary code.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://support.polycom.com/content/dam/polycom-support/global/documentation/remote-code-execution-vulnerability-in-ucs-software-v1-1.pdf

History

No history.

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-07-29T15:16:41

Updated: 2024-08-04T23:32:55.646Z

Reserved: 2019-06-24T00:00:00

Link: CVE-2019-12948

Vulnrichment

No data.

NVD

Status : Modified

Published: 2019-07-29T16:15:12.647

Modified: 2024-11-21T04:23:52.900

Link: CVE-2019-12948

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-749

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Projects

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Projects

JSON object

JSON object

JSON object

JSON object

JSON object