Sign-up

ID

VAR-201811-0081


CVE

CVE-2018-14934


TITLE

Polycom Trio device Access control vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-012364

DESCRIPTION

The Bluetooth subsystem on Polycom Trio devices with software before 5.5.4 has Incorrect Access Control. An attacker can connect without authentication and subsequently record audio from the device microphone. PolycomTrio is a Trio series of business conference phones from Polycom. The Bluetoothsubsystem is one of the Bluetooth subsystems

Trust: 2.16

sources: NVD: CVE-2018-14934 // JVNDB: JVNDB-2018-012364 // CNVD: CNVD-2019-07009

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-07009

AFFECTED PRODUCTS

vendor:polycommodel:trio 8500scope:ltversion:5.5.4

Trust: 1.8

vendor:polycommodel:trioscope:ltversion:5.5.4

Trust: 0.6

sources: CNVD: CNVD-2019-07009 // JVNDB: JVNDB-2018-012364 // NVD: CVE-2018-14934

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-14934
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-14934
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2019-07009
value: LOW

Trust: 0.6

CNNVD: CNNVD-201811-510
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2018-14934
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-07009
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2018-14934
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2019-07009 // JVNDB: JVNDB-2018-012364 // CNNVD: CNNVD-201811-510 // NVD: CVE-2018-14934

PROBLEMTYPE DATA

problemtype:CWE-732

Trust: 1.0

problemtype:CWE-284

Trust: 0.8

sources: JVNDB: JVNDB-2018-012364 // NVD: CVE-2018-14934

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201811-510

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201811-510

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-012364

PATCH
title:Bluetooth Authentication Weakness Found in Trio ? Bulletin Version 1.0url:https://support.polycom.com/content/dam/polycom-support/global/documentation/bluetooth-authentication-weakness-trio.pdf
Trust: 0.8
title:PolycomTrio improper access control vulnerability patchurl:https://www.cnvd.org.cn/patchInfo/show/156045
Trust: 0.6
title:Polycom Trio Bluetooth Subsystem security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86907
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-07009 // 
            
            
            
            JVNDB: JVNDB-2018-012364 // 
            
            
            
            CNNVD: CNNVD-201811-510

EXTERNAL IDS
db:NVDid:CVE-2018-14934
Trust: 3.0
db:JVNDBid:JVNDB-2018-012364
Trust: 0.8
db:CNVDid:CNVD-2019-07009
Trust: 0.6
db:CNNVDid:CNNVD-201811-510
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-07009 // 
            
            
            
            JVNDB: JVNDB-2018-012364 // 
            
            
            
            CNNVD: CNNVD-201811-510 // 
            
            
            
            NVD: CVE-2018-14934

REFERENCES
url:https://support.polycom.com/content/dam/polycom-support/global/documentation/bluetooth-authentication-weakness-trio.pdf
Trust: 1.6
url:https://nvd.nist.gov/vuln/detail/cve-2018-14934
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14934
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2019-07009 // 
            
            
            
            JVNDB: JVNDB-2018-012364 // 
            
            
            
            CNNVD: CNNVD-201811-510 // 
            
            
            
            NVD: CVE-2018-14934

SOURCES
db:CNVDid:CNVD-2019-07009
db:JVNDBid:JVNDB-2018-012364
db:CNNVDid:CNNVD-201811-510
db:NVDid:CVE-2018-14934

LAST UPDATE DATE
2024-11-23T23:08:33.694000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-07009date:2019-03-13T00:00:00
db:JVNDBid:JVNDB-2018-012364date:2019-02-01T00:00:00
db:CNNVDid:CNNVD-201811-510date:2019-10-23T00:00:00
db:NVDid:CVE-2018-14934date:2024-11-21T03:50:06.960

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-07009date:2019-03-13T00:00:00
db:JVNDBid:JVNDB-2018-012364date:2019-02-01T00:00:00
db:CNNVDid:CNNVD-201811-510date:2018-11-16T00:00:00
db:NVDid:CVE-2018-14934date:2018-11-15T20:29:00.240