Details of VAR-201303-0456

ID

VAR-201303-0456

TITLE

Polycom HDX Series ‘ H.323 </ formatting string vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-201303-340

DESCRIPTION

Polycom HDX Series devices are prone to a format-string vulnerability because it fails to properly sanitize user-supplied input before passing it as the format specifier to a formatted-printing function. An attacker may exploit this issue to execute arbitrary code with root access in the context of the vulnerable device. Failed exploit attempts will likely result in a denial-of-service condition.

Trust: 0.3

sources: BID: 58525

AFFECTED PRODUCTS

vendor:	polycom	model:	hdx	scope:	eq	version:	90000	Trust: 0.3
vendor:	polycom	model:	hdx	scope:	eq	version:	80000	Trust: 0.3
vendor:	polycom	model:	hdx	scope:	eq	version:	70000	Trust: 0.3
vendor:	polycom	model:	hdx	scope:	eq	version:	60000	Trust: 0.3
vendor:	polycom	model:	hdx	scope:	eq	version:	40000	Trust: 0.3
vendor:	polycom	model:	hdx	scope:	ne	version:	90003.1.12	Trust: 0.3
vendor:	polycom	model:	hdx	scope:	ne	version:	80003.1.12	Trust: 0.3
vendor:	polycom	model:	hdx	scope:	ne	version:	70003.1.12	Trust: 0.3
vendor:	polycom	model:	hdx	scope:	ne	version:	60003.1.12	Trust: 0.3
vendor:	polycom	model:	hdx	scope:	ne	version:	40003.1.12	Trust: 0.3

sources: BID: 58525

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201303-340

TYPE

Input Validation Error

Trust: 0.3

sources: BID: 58525

EXTERNAL IDS

db:	BID	id:	58525	Trust: 0.9
db:	CNNVD	id:	CNNVD-201303-340	Trust: 0.6

sources: BID: 58525 // CNNVD: CNNVD-201303-340

REFERENCES

url:	http://www.securityfocus.com/bid/58525	Trust: 0.6
url:	http://www.polycom.com/	Trust: 0.3

sources: BID: 58525 // CNNVD: CNNVD-201303-340

CREDITS

Moritz Jodeit of n.runs AG

Trust: 0.9

sources: BID: 58525 // CNNVD: CNNVD-201303-340

SOURCES

db:	BID	id:	58525
db:	CNNVD	id:	CNNVD-201303-340

LAST UPDATE DATE

2022-05-17T02:02:35.342000+00:00

SOURCES UPDATE DATE

db:	BID	id:	58525	date:	2013-03-15T00:00:00
db:	CNNVD	id:	CNNVD-201303-340	date:	2013-03-19T00:00:00

SOURCES RELEASE DATE

db:	BID	id:	58525	date:	2013-03-15T00:00:00
db:	CNNVD	id:	CNNVD-201303-340	date:	2013-03-18T00:00:00