Vulnerability Description
Polycom VVX 500 and 601 devices 5.8.0.12848 and earlier allow man-in-the-middle attackers to obtain sensitive credential information by leveraging failure to validate X.509 certificates when used with an on-premise installation with Skype for Business.
CVSS Score
5.9 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Polycom | Unified Communications Software | <= 5.8.0.12848 |
| Polycom | Vvx 601 Firmware | - |
| Polycom | Vvx 601 | - |
| Polycom | Vvx 500 Firmware | - |
| Polycom | Vvx 500 | - |
Related Weaknesses (CWE)
References
- https://seclists.org/bugtraq/2018/Oct/36 (Exploit, Mailing List, Third Party Advisory)
- https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-027.t (Exploit, Third Party Advisory)
FAQ
What is CVE-2018-18568?
CVE-2018-18568 is a vulnerability with a CVSS score of 5.9 (MEDIUM). Polycom VVX 500 and 601 devices 5.8.0.12848 and earlier allow man-in-the-middle attackers to obtain sensitive credential information by leveraging failure to validate X.509 certificates when used wit...
How severe is CVE-2018-18568?
CVE-2018-18568 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-18568?
Check the references section above for vendor advisories and patch information. Affected products include: Polycom Unified Communications Software, Polycom Vvx 601 Firmware, Polycom Vvx 601, Polycom Vvx 500 Firmware, Polycom Vvx 500.