Description
In certain scenarios when the admin has enabled Interactive Connectivity Establishment (ICE), a buffer overflow could enable
remote code execution on Poly Voice products on the Linux platform.
Published: 2026-06-01
Score: 9.2 Critical
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability involves a stack-based buffer overflow that can be triggered when Interactive Connectivity Establishment (ICE) is enabled on Poly Voice devices. This flaw allows an attacker to inject arbitrary code, leading to full remote code execution on the Linux platform.

Affected Systems

Affected are HP Inc. Poly Trio 8300, 8500, and 8800 models running Linux. These devices are listed in the vendor product list and the CPE formalism.

Risk and Exploitability

With a CVSS score of 9.2 the flaw is classified as critical. The EPSS score is not available, providing no direct indication of exploitation likelihood, and the vulnerability is not currently listed in CISA's KEV catalog. The attack vector is likely over the network through ICE, meaning that any external or internal user who can reach the ICE service could potentially exploit the overflow.

Generated by OpenCVE AI on June 1, 2026 at 16:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Disable Interactive Connectivity Establishment (ICE) if it is not required for operation.
  • Restrict network access to the ICE service using firewalls or VLAN segmentation to limit exposure to trusted hosts.
  • Apply the vendor’s security patch for Poly Trio 8300, 8500, or 8800 as soon as it becomes available from HP support.
  • Monitor HP documentation and vulnerability advisories for updates related to this issue.

Generated by OpenCVE AI on June 1, 2026 at 16:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 01 Jun 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 01 Jun 2026 15:00:00 +0000

Type Values Removed Values Added
Description In certain scenarios when the admin has enabled Interactive Connectivity Establishment (ICE), a buffer overflow could enable remote code execution on Poly Voice products on the Linux platform.
Title Poly Voice – Possible Remote Control of Certain Poly Devices
First Time appeared Hp Inc.
Hp Inc. poly Trio 8300
Hp Inc. poly Trio 8500
Hp Inc. poly Trio 8800
Weaknesses CWE-121
CPEs cpe:2.3:h:hp_inc.:poly_trio_8300:*:*:linux:*:*:*:*:*
cpe:2.3:h:hp_inc.:poly_trio_8500:*:*:linux:*:*:*:*:*
cpe:2.3:h:hp_inc.:poly_trio_8800:*:*:linux:*:*:*:*:*
Vendors & Products Hp Inc.
Hp Inc. poly Trio 8300
Hp Inc. poly Trio 8500
Hp Inc. poly Trio 8800
References
Metrics cvssV4_0

{'score': 9.2, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Hp Inc. Poly Trio 8300 Poly Trio 8500 Poly Trio 8800
cve-icon MITRE

Status: PUBLISHED

Assigner: hp

Published:

Updated: 2026-06-01T15:32:48.299Z

Reserved: 2026-01-09T19:09:26.210Z

Link: CVE-2026-0826

cve-icon Vulnrichment

Updated: 2026-06-01T15:32:41.926Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-06-01T15:16:29.043

Modified: 2026-06-01T17:07:57.203

Link: CVE-2026-0826

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-01T16:30:06Z

Weaknesses