Vulnerability Description
The SIP service in Polycom VVX 500 and 601 devices 5.8.0.12848 and earlier allow remote attackers to obtain sensitive phone configuration information by leveraging use with an on-premise installation with Skype for Business.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Polycom | Unified Communications Software | <= 5.8.0.12848 |
| Polycom | Vvx 601 Firmware | - |
| Polycom | Vvx 601 | - |
| Polycom | Vvx 500 Firmware | - |
| Polycom | Vvx 500 | - |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/105746Third Party AdvisoryVDB Entry
- https://seclists.org/bugtraq/2018/Oct/33ExploitMailing ListThird Party Advisory
- https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-028.tExploitThird Party Advisory
- http://www.securityfocus.com/bid/105746Third Party AdvisoryVDB Entry
- https://seclists.org/bugtraq/2018/Oct/33ExploitMailing ListThird Party Advisory
- https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-028.tExploitThird Party Advisory
FAQ
What is CVE-2018-18566?
CVE-2018-18566 is a vulnerability with a CVSS score of 5.3 (MEDIUM). The SIP service in Polycom VVX 500 and 601 devices 5.8.0.12848 and earlier allow remote attackers to obtain sensitive phone configuration information by leveraging use with an on-premise installation ...
How severe is CVE-2018-18566?
CVE-2018-18566 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-18566?
Check the references section above for vendor advisories and patch information. Affected products include: Polycom Unified Communications Software, Polycom Vvx 601 Firmware, Polycom Vvx 601, Polycom Vvx 500 Firmware, Polycom Vvx 500.