Details of VAR-201801-1848

ID

VAR-201801-1848

TITLE

Polycom HDX Endpoint Remote Code Execution Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2018-01931

DESCRIPTION

PolycomHDX is a high-definition series of network cameras. A remote code execution vulnerability exists in PolycomHDX endpoints. An attacker can exploit a vulnerability to execute arbitrary code in the context of an application. A failed exploit can result in a denial of service condition. HDX 3.1.11 hotfix 1 and prior versions are affected

Trust: 0.81

sources: CNVD: CNVD-2018-01931 // BID: 101973

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2018-01931

AFFECTED PRODUCTS

vendor:	polycom	model:	hdx hotfix	scope:	eq	version:	3.1.111	Trust: 0.9
vendor:	polycom	model:	hdx	scope:	eq	version:	3.1.11	Trust: 0.9
vendor:	polycom	model:	hdx hotfix	scope:	ne	version:	3.1.112	Trust: 0.3

sources: CNVD: CNVD-2018-01931 // BID: 101973

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2018-01931
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2018-01931
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2018-01931

THREAT TYPE

network

Trust: 0.3

sources: BID: 101973

TYPE

Input Validation Error

Trust: 0.3

sources: BID: 101973

PATCH

title:

Patch for PolycomHDX Endpoint Remote Code Execution Vulnerability

url:

https://www.cnvd.org.cn/patchinfo/show/114453

Trust: 0.6

sources: CNVD: CNVD-2018-01931

EXTERNAL IDS

db:	BID	id:	101973	Trust: 0.9
db:	CNVD	id:	CNVD-2018-01931	Trust: 0.6

sources: CNVD: CNVD-2018-01931 // BID: 101973

REFERENCES

url:	http://www.securityfocus.com/bid/101973/	Trust: 0.6
url:	http://www.polycom.com/	Trust: 0.3
url:	http://support.polycom.com/content/dam/polycom-support/global/documentation/secruity-advisory-hdx.pdf	Trust: 0.3

sources: CNVD: CNVD-2018-01931 // BID: 101973

CREDITS

SensePost.

Trust: 0.3

sources: BID: 101973

SOURCES

db:	CNVD	id:	CNVD-2018-01931
db:	BID	id:	101973

LAST UPDATE DATE

2022-05-17T01:52:35.878000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-01931	date:	2018-01-26T00:00:00
db:	BID	id:	101973	date:	2017-12-19T22:37:00

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2018-01931	date:	2018-01-26T00:00:00
db:	BID	id:	101973	date:	2017-11-24T00:00:00