CVE-2024-9579 - Vulnerability Details

- Certain Poly Video Conference Devices – Potential Remote Code Execution

Description

A potential vulnerability was discovered in certain Poly video conferencing devices. The firmware flaw does not properly sanitize user input. The exploitation of this vulnerability is dependent on a layered attack and cannot be exploited by itself.

Published: 2024-11-05

Score: 7.5 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

HP, Inc.

Certain Poly Video Conference Devices

unaffected

Version	Status	Constraints
`See HP security bulletin reference for affected versions`	affected	—

Configuration 1 [-]

AND

cpe:2.3:o:hp:poly_tc8_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:poly_tc8:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:hp:poly_tc10_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:poly_tc10:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:hp:poly_studio_g7500_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:poly_studio_g7500:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:hp:poly_studio_x30_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:poly_studio_x30:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:hp:poly_studio_x50_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:poly_studio_x50:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:hp:poly_studio_x70_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:poly_studio_x70:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:hp:poly_studio_x52_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:poly_studio_x52:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:hp:poly_studio_g62_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:poly_studio_g62:-:*:*:*:*:*:*:*

No data.

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2024-50032	A potential vulnerability was discovered in certain Poly video conferencing devices. The firmware flaw does not properly sanitize user input. The exploitation of this vulnerability is dependent on a layered attack and cannot be exploited by itself.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00306.

Exploitation none

Automatable no

Technical Impact total

References

Link	Providers
https://support.hp.com/us-en/document/ish_11536495-11536533-16/hpsbpy03900

History

Fri, 11 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00098}`	epss `{'score': 0.00107}`

Fri, 08 Nov 2024 18:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Hp Hp poly Studio G62 Hp poly Studio G62 Firmware Hp poly Studio G7500 Hp poly Studio G7500 Firmware Hp poly Studio X30 Hp poly Studio X30 Firmware Hp poly Studio X50 Hp poly Studio X50 Firmware Hp poly Studio X52 Hp poly Studio X52 Firmware Hp poly Studio X70 Hp poly Studio X70 Firmware Hp poly Tc10 Hp poly Tc10 Firmware Hp poly Tc8 Hp poly Tc8 Firmware
CPEs		cpe:2.3:h:hp:poly_studio_g62:-:::::::* cpe:2.3:h:hp:poly_studio_g7500:-:::::::* cpe:2.3:h:hp:poly_studio_x30:-:::::::* cpe:2.3:h:hp:poly_studio_x50:-:::::::* cpe:2.3:h:hp:poly_studio_x52:-:::::::* cpe:2.3:h:hp:poly_studio_x70:-:::::::* cpe:2.3:h:hp:poly_tc10:-:::::::* cpe:2.3:h:hp:poly_tc8:-:::::::* cpe:2.3:o:hp:poly_studio_g62_firmware:::::::: cpe:2.3:o:hp:poly_studio_g7500_firmware:::::::: cpe:2.3:o:hp:poly_studio_x30_firmware:::::::: cpe:2.3:o:hp:poly_studio_x50_firmware:::::::: cpe:2.3:o:hp:poly_studio_x52_firmware:::::::: cpe:2.3:o:hp:poly_studio_x70_firmware:::::::: cpe:2.3:o:hp:poly_tc10_firmware:::::::: cpe:2.3:o:hp:poly_tc8_firmware::::::::
Vendors & Products		Hp Hp poly Studio G62 Hp poly Studio G62 Firmware Hp poly Studio G7500 Hp poly Studio G7500 Firmware Hp poly Studio X30 Hp poly Studio X30 Firmware Hp poly Studio X50 Hp poly Studio X50 Firmware Hp poly Studio X52 Hp poly Studio X52 Firmware Hp poly Studio X70 Hp poly Studio X70 Firmware Hp poly Tc10 Hp poly Tc10 Firmware Hp poly Tc8 Hp poly Tc8 Firmware

Tue, 05 Nov 2024 20:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Poly Poly g7500 Firmware Poly studio G62 Firmware Poly studio X30 Firmware Poly studio X50 Firmware Poly studio X52 Firmware Poly studio X70 Firmware Poly tc10 Firmware Poly tc8 Firmware
CPEs		cpe:2.3:o:poly:g7500_firmware:::::::: cpe:2.3:o:poly:studio_g62_firmware:::::::: cpe:2.3:o:poly:studio_x30_firmware:::::::: cpe:2.3:o:poly:studio_x50_firmware:::::::: cpe:2.3:o:poly:studio_x52_firmware:::::::: cpe:2.3:o:poly:studio_x70_firmware:::::::: cpe:2.3:o:poly:tc10_firmware:::::::: cpe:2.3:o:poly:tc8_firmware::::::::
Vendors & Products		Poly Poly g7500 Firmware Poly studio G62 Firmware Poly studio X30 Firmware Poly studio X50 Firmware Poly studio X52 Firmware Poly studio X70 Firmware Poly tc10 Firmware Poly tc8 Firmware
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Tue, 05 Nov 2024 16:30:00 +0000

Type	Values Removed	Values Added
Description		A potential vulnerability was discovered in certain Poly video conferencing devices. The firmware flaw does not properly sanitize user input. The exploitation of this vulnerability is dependent on a layered attack and cannot be exploited by itself.
Title		Certain Poly Video Conference Devices – Potential Remote Code Execution
Weaknesses		CWE-77
References		https://support.hp.com/us-en/document/ish_11536495-11536533-16/hpsbpy03900
Metrics		cvssV3_1 `{'score': 7.5, 'vector': 'CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H'}`

Subscriptions

Hp Poly Studio G62 Poly Studio G62 Firmware Poly Studio G7500 Poly Studio G7500 Firmware Poly Studio X30 Poly Studio X30 Firmware Poly Studio X50 Poly Studio X50 Firmware Poly Studio X52 Poly Studio X52 Firmware Poly Studio X70 Poly Studio X70 Firmware Poly Tc10 Poly Tc10 Firmware Poly Tc8 Poly Tc8 Firmware

Poly G7500 Firmware Studio G62 Firmware Studio X30 Firmware Studio X50 Firmware Studio X52 Firmware Studio X70 Firmware Tc10 Firmware Tc8 Firmware

MITRE

Status: PUBLISHED

Assigner: hp

Published: 2024-11-05T16:22:01.465Z

Updated: 2024-11-05T19:32:25.537Z

Reserved: 2024-10-07T13:24:15.881Z

Link: CVE-2024-9579

Vulnrichment

Updated: 2024-11-05T19:32:11.055Z

NVD

Status : Analyzed

Published: 2024-11-05T17:15:07.667

Modified: 2024-11-08T18:08:02.683

Link: CVE-2024-9579

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-77

Tracking

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object