A potential vulnerability was discovered in certain Poly video conferencing devices. The firmware flaw does not properly sanitize user input. The exploitation of this vulnerability is dependent on a layered attack and cannot be exploited by itself.
History

Fri, 08 Nov 2024 18:30:00 +0000

Type Values Removed Values Added
First Time appeared Hp
Hp poly Studio G62
Hp poly Studio G62 Firmware
Hp poly Studio G7500
Hp poly Studio G7500 Firmware
Hp poly Studio X30
Hp poly Studio X30 Firmware
Hp poly Studio X50
Hp poly Studio X50 Firmware
Hp poly Studio X52
Hp poly Studio X52 Firmware
Hp poly Studio X70
Hp poly Studio X70 Firmware
Hp poly Tc10
Hp poly Tc10 Firmware
Hp poly Tc8
Hp poly Tc8 Firmware
CPEs cpe:2.3:h:hp:poly_studio_g62:-:*:*:*:*:*:*:*
cpe:2.3:h:hp:poly_studio_g7500:-:*:*:*:*:*:*:*
cpe:2.3:h:hp:poly_studio_x30:-:*:*:*:*:*:*:*
cpe:2.3:h:hp:poly_studio_x50:-:*:*:*:*:*:*:*
cpe:2.3:h:hp:poly_studio_x52:-:*:*:*:*:*:*:*
cpe:2.3:h:hp:poly_studio_x70:-:*:*:*:*:*:*:*
cpe:2.3:h:hp:poly_tc10:-:*:*:*:*:*:*:*
cpe:2.3:h:hp:poly_tc8:-:*:*:*:*:*:*:*
cpe:2.3:o:hp:poly_studio_g62_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:hp:poly_studio_g7500_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:hp:poly_studio_x30_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:hp:poly_studio_x50_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:hp:poly_studio_x52_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:hp:poly_studio_x70_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:hp:poly_tc10_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:hp:poly_tc8_firmware:*:*:*:*:*:*:*:*
Vendors & Products Hp
Hp poly Studio G62
Hp poly Studio G62 Firmware
Hp poly Studio G7500
Hp poly Studio G7500 Firmware
Hp poly Studio X30
Hp poly Studio X30 Firmware
Hp poly Studio X50
Hp poly Studio X50 Firmware
Hp poly Studio X52
Hp poly Studio X52 Firmware
Hp poly Studio X70
Hp poly Studio X70 Firmware
Hp poly Tc10
Hp poly Tc10 Firmware
Hp poly Tc8
Hp poly Tc8 Firmware

Tue, 05 Nov 2024 20:15:00 +0000

Type Values Removed Values Added
First Time appeared Poly
Poly g7500 Firmware
Poly studio G62 Firmware
Poly studio X30 Firmware
Poly studio X50 Firmware
Poly studio X52 Firmware
Poly studio X70 Firmware
Poly tc10 Firmware
Poly tc8 Firmware
CPEs cpe:2.3:o:poly:g7500_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:poly:studio_g62_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:poly:studio_x30_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:poly:studio_x50_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:poly:studio_x52_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:poly:studio_x70_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:poly:tc10_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:poly:tc8_firmware:*:*:*:*:*:*:*:*
Vendors & Products Poly
Poly g7500 Firmware
Poly studio G62 Firmware
Poly studio X30 Firmware
Poly studio X50 Firmware
Poly studio X52 Firmware
Poly studio X70 Firmware
Poly tc10 Firmware
Poly tc8 Firmware
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 05 Nov 2024 16:30:00 +0000

Type Values Removed Values Added
Description A potential vulnerability was discovered in certain Poly video conferencing devices. The firmware flaw does not properly sanitize user input. The exploitation of this vulnerability is dependent on a layered attack and cannot be exploited by itself.
Title Certain Poly Video Conference Devices – Potential Remote Code Execution
Weaknesses CWE-77
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: hp

Published: 2024-11-05T16:22:01.465Z

Updated: 2024-11-05T19:32:25.537Z

Reserved: 2024-10-07T13:24:15.881Z

Link: CVE-2024-9579

cve-icon Vulnrichment

Updated: 2024-11-05T19:32:11.055Z

cve-icon NVD

Status : Analyzed

Published: 2024-11-05T17:15:07.667

Modified: 2024-11-08T18:08:02.683

Link: CVE-2024-9579

cve-icon Redhat

No data.