ID

VAR-201810-0185


CVE

CVE-2018-18566


TITLE

Information disclosure vulnerability in Polycom VVX 500 and 601 devices

Trust: 0.8

sources: JVNDB: JVNDB-2018-011333

DESCRIPTION

The SIP service in Polycom VVX 500 and 601 devices 5.8.0.12848 and earlier allows remote attackers to obtain sensitive phone configuration information by leveraging use with an on-premise installation with Skype for Business. Polycom VVX 500 and 601 devices contain an information disclosure vulnerability. Information may be obtained. Polycom VVX is prone to an information-disclosure vulnerability. An attacker can exploit this issue to obtain sensitive information that may aid in further attacks. Polycom VVX 500/601 versions 5.8.0.12848 and prior are vulnerable. Polycom VVX 500 and 601 are IP telephone products from the American company Polycom. The SIP service is one of their SIP (Session Initiation Protocol) services. The SIP service in Polycom VVX 500 and 601 5.8.0.12848 and earlier versions has a security vulnerability.

Trust: 1.98

sources: NVD: CVE-2018-18566 // JVNDB: JVNDB-2018-011333 // BID: 105746 // VULHUB: VHN-129138

AFFECTED PRODUCTS

vendor: polycom // model: vvx 500 // scope: eq // version: -

Trust: 1.6

vendor: polycom // model: vvx 601 // scope: eq // version: -

Trust: 1.6

vendor: polycom // model: unified communications software // scope: lte // version: 5.8.0.12848

Trust: 1.0

vendor: polycom // model: vvx 500 // scope: lte // version: 5.8.0.12848

Trust: 0.8

vendor: polycom // model: vvx 601 // scope: lte // version: 5.8.0.12848

Trust: 0.8

vendor: polycom // model: unified communications software // scope: - // version: -

Trust: 0.8

vendor: polycom // model: uc software // scope: eq // version: 5.8.0.12848

Trust: 0.6

vendor: polycom // model: - // scope: eq // version: vvx6015.8

Trust: 0.3

vendor: polycom // model: - // scope: eq // version: vvx6015.7

Trust: 0.3

vendor: polycom // model: - // scope: eq // version: vvx6015.6

Trust: 0.3

vendor: polycom // model: - // scope: eq // version: vvx6015.5

Trust: 0.3

vendor: polycom // model: - // scope: eq // version: vvx6015.4

Trust: 0.3

vendor: polycom // model: - // scope: eq // version: vvx6015.3

Trust: 0.3

vendor: polycom // model: - // scope: eq // version: vvx6015.2

Trust: 0.3

vendor: polycom // model: - // scope: eq // version: vvx6015.1

Trust: 0.3

vendor: polycom // model: - // scope: eq // version: vvx6015.8.0.12848

Trust: 0.3

vendor: polycom // model: - // scope: eq // version: vvx6015.4.0.10182

Trust: 0.3

vendor: polycom // model: - // scope: eq // version: vvx5005.8

Trust: 0.3

vendor: polycom // model: - // scope: eq // version: vvx5005.7

Trust: 0.3

vendor: polycom // model: - // scope: eq // version: vvx5005.6

Trust: 0.3

vendor: polycom // model: - // scope: eq // version: vvx5005.5

Trust: 0.3

vendor: polycom // model: - // scope: eq // version: vvx5005.4

Trust: 0.3

vendor: polycom // model: - // scope: eq // version: vvx5005.3

Trust: 0.3

vendor: polycom // model: - // scope: eq // version: vvx5005.2

Trust: 0.3

vendor: polycom // model: - // scope: eq // version: vvx5005.1

Trust: 0.3

vendor: polycom // model: - // scope: eq // version: vvx5005.8.0.12848

Trust: 0.3

vendor: polycom // model: - // scope: eq // version: vvx5005.4.0.10182

Trust: 0.3

sources: BID: 105746 // JVNDB: JVNDB-2018-011333 // CNNVD: CNNVD-201810-1237 // NVD: CVE-2018-18566

CVSS

SEVERITY

nvd@nist.gov: CVE-2018-18566
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-18566
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201810-1237
value: MEDIUM

Trust: 0.6

VULHUB: VHN-129138
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2018-18566
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-129138
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2018-18566
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2018-18566
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-129138 // JVNDB: JVNDB-2018-011333 // CNNVD: CNNVD-201810-1237 // NVD: CVE-2018-18566

PROBLEMTYPE DATA

problemtype: CWE-200

Trust: 1.9

sources: VULHUB: VHN-129138 // JVNDB: JVNDB-2018-011333 // NVD: CVE-2018-18566

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201810-1237

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201810-1237

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-011333

PATCH

title: Polycom UC Software // url: http://www.polycom.com/voice-conferencing-solutions/uc-software.html

Trust: 0.8

title: Polycom VVX 500 // url: https://support.polycom.com/content/support/emea/emea/en/support/voice/business-media-phones/vvx500.html

Trust: 0.8

title: Polycom VVX 601 // url: https://support.polycom.com/content/support/emea/emea/en/support/voice/business-media-phones/vvx601.html

Trust: 0.8

sources: JVNDB: JVNDB-2018-011333

EXTERNAL IDS

db: NVD // id: CVE-2018-18566

Trust: 2.8

db: BID // id: 105746

Trust: 2.0

db: JVNDB // id: JVNDB-2018-011333

Trust: 0.8

db: CNNVD // id: CNNVD-201810-1237

Trust: 0.7

db: PACKETSTORM // id: 149944

Trust: 0.1

db: VULHUB // id: VHN-129138

Trust: 0.1

sources: VULHUB: VHN-129138 // BID: 105746 // JVNDB: JVNDB-2018-011333 // CNNVD: CNNVD-201810-1237 // NVD: CVE-2018-18566

REFERENCES

url: https://www.syss.de/fileadmin/dokumente/publikationen/advisories/syss-2018-028.txt

Trust: 2.5

url: https://seclists.org/bugtraq/2018/oct/33

Trust: 2.0

url: http://www.securityfocus.com/bid/105746

Trust: 1.7

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-18566

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2018-18566

Trust: 0.8

url: http://www.polycom.co.in/products-services/voice/desktop-solutions/realpresence-desktop-vvx-business-media-phones.html

Trust: 0.3

sources: VULHUB: VHN-129138 // BID: 105746 // JVNDB: JVNDB-2018-011333 // CNNVD: CNNVD-201810-1237 // NVD: CVE-2018-18566

CREDITS

Micha Borrmann (SySS GmbH)

Trust: 0.3

sources: BID: 105746

SOURCES

db: VULHUB // id: VHN-129138
db: BID // id: 105746
db: JVNDB // id: JVNDB-2018-011333
db: CNNVD // id: CNNVD-201810-1237
db: NVD // id: CVE-2018-18566

LAST UPDATE DATE

2024-11-23T22:38:03.540000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-129138 // date: 2018-12-06T00:00:00
db: BID // id: 105746 // date: 2018-10-23T00:00:00
db: JVNDB // id: JVNDB-2018-011333 // date: 2019-01-10T00:00:00
db: CNNVD // id: CNNVD-201810-1237 // date: 2021-06-16T00:00:00
db: NVD // id: CVE-2018-18566 // date: 2024-11-21T03:56:10.270

SOURCES RELEASE DATE

db: VULHUB // id: VHN-129138 // date: 2018-10-24T00:00:00
db: BID // id: 105746 // date: 2018-10-23T00:00:00
db: JVNDB // id: JVNDB-2018-011333 // date: 2019-01-10T00:00:00
db: CNNVD // id: CNNVD-201810-1237 // date: 2018-10-25T00:00:00
db: NVD // id: CVE-2018-18566 // date: 2018-10-24T22:29:01.510