CVE Tools

polycom

CommunicationsUScommercial

21

Cumulative CVEs

10

Monthly snapshots

#4

Peak rank

Top products

qdx 6000 firmware2

Latest CVEs

The 15 most recently published vulnerabilities affecting polycom.

CVE-2021-41322Poly VVX 400/410 5.3.1 allows low-privileged users to change the Admin password by modifying a POST parameter to 120 during the password reset process.8.8Oct 4, 2021
CVE-2019-11355An issue was discovered in Poly (formerly Polycom) HDX 3.1.13. A feature exists that allows the creation of a server / client certificate, or the upload of the user certificate, on the administrato...7.2Mar 12, 2020
CVE-2012-6611An issue was discovered in Polycom Web Management Interface G3/HDX 8000 HD with Durango 2.6.0 4740 software and embedded Polycom Linux Development Platform 2.14.g3. It has a blank administrative pa...9.8Feb 10, 2020
CVE-2012-6609Directory traversal vulnerability in a_getlog.cgi in Polycom HDX Video End Points before 3.0.4 and UC APL before 2.7.1.J allows remote attackers to read arbitrary files via a .. (dot dot) in the na...7.5Jan 28, 2020
CVE-2012-6610Polycom HDX Video End Points before 3.0.4 and UC APL before 2.7.1.J allows remote authenticated users to execute arbitrary commands as demonstrated by a ; (semicolon) to the ping command feature.8.8Jan 28, 2020
CVE-2019-14259On the Polycom Obihai Obi1022 VoIP phone with firmware 5.1.11, a command injection (missing input validation) issue in the NTP server IP address field for the "Time Service Settings web" interface ...8.0Aug 1, 2019
CVE-2019-12948A vulnerability in the web-based management interface of VVX, Trio, SoundStructure, SoundPoint, and SoundStation phones running Polycom UC Software, if exploited, could allow an authenticated, remo...8.3Jul 29, 2019
CVE-2019-10689VVX products using UCS software version 5.9.2 and earlier with Better Together over Ethernet Connector (BToE) application version 3.9.1 and earlier provides insufficient authentication between the ...6.5Jun 24, 2019
CVE-2018-10947An issue was discovered in versions earlier than 1.3.2 for Polycom RealPresence Debut where the admin cookie is reset only after a Debut is rebooted.3.1Jun 13, 2019
CVE-2018-10946An issue was discovered in versions earlier than 1.3.0-66872 for Polycom RealPresence Debut that allows attackers to arbitrarily read the admin user's password via the admin web UI.6.8Jun 13, 2019
CVE-2018-15128An issue was discovered in Polycom Group Series 6.1.6.1 and earlier, HDX 3.1.12 and earlier, and Pano 1.1.1 and earlier. A remote code execution vulnerability exists in the content sharing function...9.8May 13, 2019
CVE-2019-10688VVX products with software versions including and prior to, UCS 5.9.2 with Better Together over Ethernet Connector (BToE) application 3.9.1, use hard-coded credentials to establish connections betw...6.8Apr 23, 2019
CVE-2018-14935The Web administration console on Polycom Trio devices with software before 5.5.4 has XSS.6.1Nov 15, 2018
CVE-2018-14934The Bluetooth subsystem on Polycom Trio devices with software before 5.5.4 has Incorrect Access Control. An attacker can connect without authentication and subsequently record audio from the device...6.5Nov 15, 2018
CVE-2018-18568Polycom VVX 500 and 601 devices 5.8.0.12848 and earlier allows man-in-the-middle attackers to obtain sensitive credential information by leveraging failure to validate X.509 certificates when used ...5.9Oct 24, 2018