CVE-2019-12948

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2019-12948
A vulnerability in the web-based management interface of VVX, Trio, SoundStructure, SoundPoint, and SoundStation phones running Polycom UC Software, if exploited, could allow an authenticated, remote attacker with admin privileges to cause a denial of service (DoS) condition or execute arbitrary code.

8.3 /10

CVSS v3 : HIGH

V3 Legend

Vector : AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

Exploitability : 2.8 / Impact : 5.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact LOW

Scope UNCHANGED

6.5 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploitability : 8.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
https://support.polycom.com/content/dam/polycom-support/global/documentation/remote-code-execution-vulnerability-in-ucs-software-v1-1.pdf Vendor Advisory
https://support.polycom.com/content/dam/polycom-support/global/documentation/remote-code-execution-vulnerability-in-ucs-software-v1-1.pdf Vendor Advisory
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:polycom:unified_communications_software:*:*:*:*:*:*:*:*
cpe:2.3:o:polycom:unified_communications_software:*:*:*:*:*:*:*:*
cpe:2.3:o:polycom:unified_communications_software:*:*:*:*:*:*:*:*
OR cpe:2.3:h:polycom:c12:-:*:*:*:*:*:*:*
cpe:2.3:h:polycom:c16:-:*:*:*:*:*:*:*
cpe:2.3:h:polycom:c8:-:*:*:*:*:*:*:*
cpe:2.3:h:polycom:vvx150:-:*:*:*:*:*:*:*
cpe:2.3:h:polycom:vvx201:-:*:*:*:*:*:*:*
cpe:2.3:h:polycom:vvx250:-:*:*:*:*:*:*:*
cpe:2.3:h:polycom:vvx301:-:*:*:*:*:*:*:*
cpe:2.3:h:polycom:vvx311:-:*:*:*:*:*:*:*
cpe:2.3:h:polycom:vvx350:-:*:*:*:*:*:*:*
cpe:2.3:h:polycom:vvx401:-:*:*:*:*:*:*:*
cpe:2.3:h:polycom:vvx411:-:*:*:*:*:*:*:*
cpe:2.3:h:polycom:vvx450:-:*:*:*:*:*:*:*
cpe:2.3:h:polycom:vvx501:-:*:*:*:*:*:*:*
cpe:2.3:h:polycom:vvx601:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:polycom:united_communications_software:*:*:*:*:*:*:*:*
OR cpe:2.3:h:polycom:trio_8500:-:*:*:*:*:*:*:*
cpe:2.3:h:polycom:trio_8800:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:polycom:united_communications_software:*:*:*:*:*:*:*:*
OR cpe:2.3:h:polycom:soundpoint_ip_300:-:*:*:*:*:*:*:*
cpe:2.3:h:polycom:soundpoint_ip_301:-:*:*:*:*:*:*:*
cpe:2.3:h:polycom:soundpoint_ip_320:-:*:*:*:*:*:*:*
cpe:2.3:h:polycom:soundpoint_ip_321:-:*:*:*:*:*:*:*
cpe:2.3:h:polycom:soundpoint_ip_330:-:*:*:*:*:*:*:*
cpe:2.3:h:polycom:soundpoint_ip_331:-:*:*:*:*:*:*:*
cpe:2.3:h:polycom:soundpoint_ip_335:-:*:*:*:*:*:*:*
cpe:2.3:h:polycom:soundpoint_ip_430:-:*:*:*:*:*:*:*
cpe:2.3:h:polycom:soundpoint_ip_450:-:*:*:*:*:*:*:*
cpe:2.3:h:polycom:soundpoint_ip_500:-:*:*:*:*:*:*:*
cpe:2.3:h:polycom:soundpoint_ip_501:-:*:*:*:*:*:*:*
cpe:2.3:h:polycom:soundpoint_ip_550:-:*:*:*:*:*:*:*
cpe:2.3:h:polycom:soundpoint_ip_560:-:*:*:*:*:*:*:*
cpe:2.3:h:polycom:soundpoint_ip_600:-:*:*:*:*:*:*:*
cpe:2.3:h:polycom:soundpoint_ip_601:-:*:*:*:*:*:*:*
cpe:2.3:h:polycom:soundpoint_ip_650:-:*:*:*:*:*:*:*
cpe:2.3:h:polycom:soundpoint_ip_670:-:*:*:*:*:*:*:*
cpe:2.3:h:polycom:soundpoint_pro_se-220:-:*:*:*:*:*:*:*
cpe:2.3:h:polycom:soundpoint_pro_se-225:-:*:*:*:*:*:*:*
cpe:2.3:h:polycom:soundstation_duo:-:*:*:*:*:*:*:*
cpe:2.3:h:polycom:soundstation_ip_4000:-:*:*:*:*:*:*:*
cpe:2.3:h:polycom:soundstation_ip_5000:-:*:*:*:*:*:*:*
cpe:2.3:h:polycom:soundstation_ip_6000:-:*:*:*:*:*:*:*
cpe:2.3:h:polycom:soundstation_ip_7000:-:*:*:*:*:*:*:*
cpe:2.3:h:polycom:soundstation_ip_7000_video_integration:-:*:*:*:*:*:*:*
cpe:2.3:h:polycom:soundstation_vtx_1000:-:*:*:*:*:*:*:*
cpe:2.3:h:polycom:soundstation2:-:*:*:*:*:*:*:*
cpe:2.3:h:polycom:soundstation2_avaya_2490:-:*:*:*:*:*:*:*
cpe:2.3:h:polycom:soundstation2_direct_connect_for_nortel:-:*:*:*:*:*:*:*
cpe:2.3:h:polycom:soundstation2w:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
OR cpe:2.3:o:polycom:unified_communications_software:*:*:*:*:*:*:*:*
cpe:2.3:o:polycom:unified_communications_software:*:*:*:*:*:*:*:*
OR cpe:2.3:h:polycom:vvx300:-:*:*:*:*:*:*:*
cpe:2.3:h:polycom:vvx310:-:*:*:*:*:*:*:*
cpe:2.3:h:polycom:vvx400:-:*:*:*:*:*:*:*
cpe:2.3:h:polycom:vvx410:-:*:*:*:*:*:*:*
cpe:2.3:h:polycom:vvx500:-:*:*:*:*:*:*:*
cpe:2.3:h:polycom:vvx600:-:*:*:*:*:*:*:*
History

21 Nov 2024, 04:23

Type Values Removed Values Added
References () https://support.polycom.com/content/dam/polycom-support/global/documentation/remote-code-execution-vulnerability-in-ucs-software-v1-1.pdf - Vendor Advisory () https://support.polycom.com/content/dam/polycom-support/global/documentation/remote-code-execution-vulnerability-in-ucs-software-v1-1.pdf - Vendor Advisory
Information

Published : 2019-07-29 16:15

Updated : 2024-11-21 04:23

NVD link : CVE-2019-12948

Mitre link : CVE-2019-12948

CVE.ORG link : CVE-2019-12948

JSON object : View

Products Affected

polycom

  • vvx311
  • soundpoint_ip_650
  • soundpoint_ip_321
  • soundstation_ip_7000_video_integration
  • soundstation2_direct_connect_for_nortel
  • soundpoint_ip_550
  • soundstation_duo
  • vvx301
  • c16
  • vvx150
  • soundstation_ip_6000
  • soundstation_vtx_1000
  • c8
  • soundpoint_ip_335
  • vvx600
  • soundpoint_ip_670
  • vvx410
  • soundstation2
  • soundstation_ip_5000
  • vvx310
  • soundpoint_ip_560
  • trio_8500
  • vvx350
  • soundstation_ip_4000
  • soundstation2w
  • soundpoint_ip_600
  • soundpoint_ip_500
  • vvx411
  • vvx300
  • vvx250
  • vvx450
  • soundpoint_ip_300
  • soundpoint_ip_301
  • vvx201
  • c12
  • vvx601
  • soundpoint_ip_320
  • soundpoint_pro_se-225
  • soundpoint_ip_331
  • soundpoint_ip_430
  • soundstation_ip_7000
  • soundpoint_ip_450
  • trio_8800
  • soundpoint_ip_330
  • soundpoint_ip_501
  • unified_communications_software
  • soundstation2_avaya_2490
  • vvx500
  • vvx501
  • vvx400
  • soundpoint_ip_601
  • vvx401
  • united_communications_software
  • soundpoint_pro_se-220
CWE
CWE-749

Exposed Dangerous Method or Function