Vulnerability Description
A vulnerability in the web-based management interface of VVX, Trio, SoundStructure, SoundPoint, and SoundStation phones running Polycom UC Software, if exploited, could allow an authenticated, remote attacker with admin privileges to cause a denial of service (DoS) condition or execute arbitrary code.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Polycom | Unified Communications Software | < 5.8.5.1256 |
| Polycom | C12 | - |
| Polycom | C16 | - |
| Polycom | C8 | - |
| Polycom | Vvx150 | - |
| Polycom | Vvx201 | - |
| Polycom | Vvx250 | - |
| Polycom | Vvx301 | - |
| Polycom | Vvx311 | - |
| Polycom | Vvx350 | - |
| Polycom | Vvx401 | - |
| Polycom | Vvx411 | - |
| Polycom | Vvx450 | - |
| Polycom | Vvx501 | - |
| Polycom | Vvx601 | - |
| Polycom | United Communications Software | < 5.9.0 |
| Polycom | Trio 8500 | - |
| Polycom | Trio 8800 | - |
| Polycom | Soundpoint Ip 300 | - |
| Polycom | Soundpoint Ip 301 | - |
Related Weaknesses (CWE)
References
- https://support.polycom.com/content/dam/polycom-support/global/documentation/remVendor Advisory
- https://support.polycom.com/content/dam/polycom-support/global/documentation/remVendor Advisory
FAQ
What is CVE-2019-12948?
CVE-2019-12948 is a vulnerability with a CVSS score of 8.3 (HIGH). A vulnerability in the web-based management interface of VVX, Trio, SoundStructure, SoundPoint, and SoundStation phones running Polycom UC Software, if exploited, could allow an authenticated, remote ...
How severe is CVE-2019-12948?
CVE-2019-12948 has been rated HIGH with a CVSS base score of 8.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-12948?
Check the references section above for vendor advisories and patch information. Affected products include: Polycom Unified Communications Software, Polycom C12, Polycom C16, Polycom C8, Polycom Vvx150.