Vulnerability Description
VVX products using UCS software version 5.9.2 and earlier with Better Together over Ethernet Connector (BToE) application version 3.9.1 and earlier provides insufficient authentication between the BToE application and the BToE component, resulting in leakage of sensitive information.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Polycom | Better Together Over Ethernet Connector | <= 3.9.1 |
| Polycom | Unified Communications Software | <= 5.9.2 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/108799Third Party AdvisoryVDB Entry
- https://support.polycom.com/content/dam/polycom-support/global/documentation/insVendor Advisory
- http://www.securityfocus.com/bid/108799Third Party AdvisoryVDB Entry
- https://support.polycom.com/content/dam/polycom-support/global/documentation/insVendor Advisory
FAQ
What is CVE-2019-10689?
CVE-2019-10689 is a vulnerability with a CVSS score of 6.5 (MEDIUM). VVX products using UCS software version 5.9.2 and earlier with Better Together over Ethernet Connector (BToE) application version 3.9.1 and earlier provides insufficient authentication between the BTo...
How severe is CVE-2019-10689?
CVE-2019-10689 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-10689?
Check the references section above for vendor advisories and patch information. Affected products include: Polycom Better Together Over Ethernet Connector, Polycom Unified Communications Software.