CVE-2024-9579 - OpenCVE

A potential vulnerability was discovered in certain Poly video conferencing devices. The firmware flaw does not properly sanitize user input. The exploitation of this vulnerability is dependent on a layered attack and cannot be exploited by itself.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Hp	Poly Studio G62 Poly Studio G62 Firmware Poly Studio G7500 Poly Studio G7500 Firmware Poly Studio X30 Poly Studio X30 Firmware Poly Studio X50 Poly Studio X50 Firmware Poly Studio X52 Poly Studio X52 Firmware Poly Studio X70 Poly Studio X70 Firmware Poly Tc10 Poly Tc10 Firmware Poly Tc8 Poly Tc8 Firmware
Poly	G7500 Firmware Studio G62 Firmware Studio X30 Firmware Studio X50 Firmware Studio X52 Firmware Studio X70 Firmware Tc10 Firmware Tc8 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:hp:poly_tc8_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:poly_tc8:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:hp:poly_tc10_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:poly_tc10:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:hp:poly_studio_g7500_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:poly_studio_g7500:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:hp:poly_studio_x30_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:poly_studio_x30:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:hp:poly_studio_x50_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:poly_studio_x50:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:hp:poly_studio_x70_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:poly_studio_x70:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:hp:poly_studio_x52_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:poly_studio_x52:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:hp:poly_studio_g62_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:poly_studio_g62:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://support.hp.com/us-en/document/ish_11536495-11536533-16/hpsbpy03900

History

Fri, 08 Nov 2024 18:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Hp Hp poly Studio G62 Hp poly Studio G62 Firmware Hp poly Studio G7500 Hp poly Studio G7500 Firmware Hp poly Studio X30 Hp poly Studio X30 Firmware Hp poly Studio X50 Hp poly Studio X50 Firmware Hp poly Studio X52 Hp poly Studio X52 Firmware Hp poly Studio X70 Hp poly Studio X70 Firmware Hp poly Tc10 Hp poly Tc10 Firmware Hp poly Tc8 Hp poly Tc8 Firmware
CPEs		cpe:2.3:h:hp:poly_studio_g62:-:::::::* cpe:2.3:h:hp:poly_studio_g7500:-:::::::* cpe:2.3:h:hp:poly_studio_x30:-:::::::* cpe:2.3:h:hp:poly_studio_x50:-:::::::* cpe:2.3:h:hp:poly_studio_x52:-:::::::* cpe:2.3:h:hp:poly_studio_x70:-:::::::* cpe:2.3:h:hp:poly_tc10:-:::::::* cpe:2.3:h:hp:poly_tc8:-:::::::* cpe:2.3:o:hp:poly_studio_g62_firmware:::::::: cpe:2.3:o:hp:poly_studio_g7500_firmware:::::::: cpe:2.3:o:hp:poly_studio_x30_firmware:::::::: cpe:2.3:o:hp:poly_studio_x50_firmware:::::::: cpe:2.3:o:hp:poly_studio_x52_firmware:::::::: cpe:2.3:o:hp:poly_studio_x70_firmware:::::::: cpe:2.3:o:hp:poly_tc10_firmware:::::::: cpe:2.3:o:hp:poly_tc8_firmware::::::::
Vendors & Products		Hp Hp poly Studio G62 Hp poly Studio G62 Firmware Hp poly Studio G7500 Hp poly Studio G7500 Firmware Hp poly Studio X30 Hp poly Studio X30 Firmware Hp poly Studio X50 Hp poly Studio X50 Firmware Hp poly Studio X52 Hp poly Studio X52 Firmware Hp poly Studio X70 Hp poly Studio X70 Firmware Hp poly Tc10 Hp poly Tc10 Firmware Hp poly Tc8 Hp poly Tc8 Firmware

Tue, 05 Nov 2024 20:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Poly Poly g7500 Firmware Poly studio G62 Firmware Poly studio X30 Firmware Poly studio X50 Firmware Poly studio X52 Firmware Poly studio X70 Firmware Poly tc10 Firmware Poly tc8 Firmware
CPEs		cpe:2.3:o:poly:g7500_firmware:::::::: cpe:2.3:o:poly:studio_g62_firmware:::::::: cpe:2.3:o:poly:studio_x30_firmware:::::::: cpe:2.3:o:poly:studio_x50_firmware:::::::: cpe:2.3:o:poly:studio_x52_firmware:::::::: cpe:2.3:o:poly:studio_x70_firmware:::::::: cpe:2.3:o:poly:tc10_firmware:::::::: cpe:2.3:o:poly:tc8_firmware::::::::
Vendors & Products		Poly Poly g7500 Firmware Poly studio G62 Firmware Poly studio X30 Firmware Poly studio X50 Firmware Poly studio X52 Firmware Poly studio X70 Firmware Poly tc10 Firmware Poly tc8 Firmware
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Tue, 05 Nov 2024 16:30:00 +0000

Type	Values Removed	Values Added
Description		A potential vulnerability was discovered in certain Poly video conferencing devices. The firmware flaw does not properly sanitize user input. The exploitation of this vulnerability is dependent on a layered attack and cannot be exploited by itself.
Title		Certain Poly Video Conference Devices – Potential Remote Code Execution
Weaknesses		CWE-77
References		https://support.hp.com/us-en/document/ish_11536495-11536533-16/hpsbpy03900
Metrics		cvssV3_1 `{'score': 7.5, 'vector': 'CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: hp

Published: 2024-11-05T16:22:01.465Z

Updated: 2024-11-05T19:32:25.537Z

Reserved: 2024-10-07T13:24:15.881Z

Link: CVE-2024-9579

Vulnrichment

Updated: 2024-11-05T19:32:11.055Z

NVD

Status : Analyzed

Published: 2024-11-05T17:15:07.667

Modified: 2024-11-08T18:08:02.683

Link: CVE-2024-9579

Redhat

No data.

Metrics

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object