Impact
Poly Voice IP devices, including HP CCX, Trio, and Edge E, can become inoperable when they connect to a malicious SIP server that sends malformed data. The flaw leads to a denial of service because the devices cannot process the incorrect input, potentially rendering them offline. The underlying weakness corresponds to CWE‑400: Uncontrolled Resource Consumption.
Affected Systems
The affected devices are HP Inc's CCX series, Trio C60, and Edge E voice IP products. Specific firmware or software version numbers are not listed in the advisory, so all current models running the described firmware are potentially impacted.
Risk and Exploitability
The vulnerability carries a CVSS score of 8.2, indicating high severity. No EPSS score is provided, reflecting limited publicly available exploitation data. It is not currently listed in the CISA KEV catalog. Attackers would need to control a SIP server that the target devices communicate with, and send specially crafted malformed packets. Once in contact, the device may crash or hang, denying service to legitimate users. The condition is remote but requires that the device trust and connect to the malicious server.