Vulnerability Description
Polycom SoundStation IP, VVX, and RealPresence Trio that are running software older than UCS 4.0.12, 5.4.5 rev AG, 5.4.7, 5.5.2, or 5.6.0 are affected by a vulnerability in their UCS web application. This vulnerability could allow an authenticated remote attacker to read a segment of the phone's memory which could contain an administrator's password or other sensitive information.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Polycom | Unified Communications Software | <= 4.0.11 |
| Polycom | Soundstation Ip | - |
| Polycom | Vvx | - |
| Polycom | Realpresence Trio | - |
Related Weaknesses (CWE)
References
- http://support.polycom.com/content/dam/polycom-support/global/documentation/secuMitigationVendor Advisory
- http://www.securitytracker.com/id/1039309
- http://support.polycom.com/content/dam/polycom-support/global/documentation/secuMitigationVendor Advisory
- http://www.securitytracker.com/id/1039309
FAQ
What is CVE-2017-12857?
CVE-2017-12857 is a vulnerability with a CVSS score of 8.8 (HIGH). Polycom SoundStation IP, VVX, and RealPresence Trio that are running software older than UCS 4.0.12, 5.4.5 rev AG, 5.4.7, 5.5.2, or 5.6.0 are affected by a vulnerability in their UCS web application. ...
How severe is CVE-2017-12857?
CVE-2017-12857 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-12857?
Check the references section above for vendor advisories and patch information. Affected products include: Polycom Unified Communications Software, Polycom Soundstation Ip, Polycom Vvx, Polycom Realpresence Trio.