Details of VAR-201303-0508

ID

VAR-201303-0508

TITLE

Polycom HDX Series Remote Command Injection Vulnerability

Trust: 0.9

sources: BID: 58524 // CNNVD: CNNVD-201303-341

DESCRIPTION

Polycom HDX is a high-definition series of network cameras. The Polycom HDX series uses user input that is not properly filtered for use in SQL queries. There is a SQL injection vulnerability in the implementation that an attacker can use to perform unauthorized database operations. Polycom HDX Series devices are prone to a remote command-injection vulnerability. Attackers can exploit this issue to inject and execute arbitrary commands within the context of the affected device

Trust: 0.81

sources: CNVD: CNVD-2013-02164 // BID: 58524

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2013-02164

AFFECTED PRODUCTS

vendor:	polycom	model:	hdx	scope:	eq	version:	6000	Trust: 0.6
vendor:	polycom	model:	hdx	scope:	eq	version:	7000	Trust: 0.6
vendor:	polycom	model:	hdx	scope:	eq	version:	8000	Trust: 0.6
vendor:	polycom	model:	hdx	scope:	eq	version:	9000	Trust: 0.6
vendor:	polycom	model:	hdx	scope:	eq	version:	90000	Trust: 0.3
vendor:	polycom	model:	hdx	scope:	eq	version:	80000	Trust: 0.3
vendor:	polycom	model:	hdx	scope:	eq	version:	70000	Trust: 0.3
vendor:	polycom	model:	hdx	scope:	eq	version:	60000	Trust: 0.3
vendor:	polycom	model:	hdx	scope:	eq	version:	40000	Trust: 0.3
vendor:	polycom	model:	hdx	scope:	ne	version:	90003.1.12	Trust: 0.3
vendor:	polycom	model:	hdx	scope:	ne	version:	80003.1.12	Trust: 0.3
vendor:	polycom	model:	hdx	scope:	ne	version:	70003.1.12	Trust: 0.3
vendor:	polycom	model:	hdx	scope:	ne	version:	60003.1.12	Trust: 0.3
vendor:	polycom	model:	hdx	scope:	ne	version:	40003.1.12	Trust: 0.3

sources: CNVD: CNVD-2013-02164 // BID: 58524

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2013-02164
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2013-02164
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	8.5
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2013-02164

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201303-341

TYPE

Input Validation Error

Trust: 0.3

sources: BID: 58524

PATCH

title:

Patch for Polycom HDX Series SQL Injection Vulnerability (CNVD-2013-02164)

url:

https://www.cnvd.org.cn/patchinfo/show/32994

Trust: 0.6

sources: CNVD: CNVD-2013-02164

EXTERNAL IDS

db:	BID	id:	58524	Trust: 1.5
db:	CNVD	id:	CNVD-2013-02164	Trust: 0.6
db:	CNNVD	id:	CNNVD-201303-341	Trust: 0.6

sources: CNVD: CNVD-2013-02164 // BID: 58524 // CNNVD: CNNVD-201303-341

REFERENCES

url:	http://www.securityfocus.com/bid/58524	Trust: 1.2
url:	http://seclists.org/bugtraq/2013/mar/97	Trust: 0.3
url:	http://www.polycom.com/	Trust: 0.3

sources: CNVD: CNVD-2013-02164 // BID: 58524 // CNNVD: CNNVD-201303-341

CREDITS

Moritz Jodeit of n.runs AG

Trust: 0.9

sources: BID: 58524 // CNNVD: CNNVD-201303-341

SOURCES

db:	CNVD	id:	CNVD-2013-02164
db:	BID	id:	58524
db:	CNNVD	id:	CNNVD-201303-341

LAST UPDATE DATE

2022-05-17T01:45:25.568000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2013-02164	date:	2014-04-28T00:00:00
db:	BID	id:	58524	date:	2013-03-15T00:00:00
db:	CNNVD	id:	CNNVD-201303-341	date:	2013-03-19T00:00:00

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2013-02164	date:	2013-03-26T00:00:00
db:	BID	id:	58524	date:	2013-03-15T00:00:00
db:	CNNVD	id:	CNNVD-201303-341	date:	2013-03-18T00:00:00