Sign-up

ID

VAR-202112-2029


CVE

CVE-2018-17875


TITLE

Poly Trio 8800  Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2018-016634

DESCRIPTION

A remote code execution issue in the ping command on Poly Trio 8800 5.7.1.4145 devices allows remote authenticated users to execute commands via unspecified vectors. Poly Trio 8800 Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Polycom Trio is a Trio series business conference phone from Polycom

Trust: 2.25

sources: NVD: CVE-2018-17875 // JVNDB: JVNDB-2018-016634 // CNVD: CNVD-2022-09783 // VULMON: CVE-2018-17875

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2022-09783

AFFECTED PRODUCTS

vendor:polymodel:trio 8800scope:eqversion:5.4.0.12856

Trust: 1.0

vendor:polymodel:trio 8800scope:eqversion:5.5.4.2255

Trust: 1.0

vendor:polymodel:trio 8800scope:eqversion:5.4.2.5400

Trust: 1.0

vendor:polymodel:trio 8800scope:eqversion:5.4.5.9658

Trust: 1.0

vendor:polymodel:trio 8800scope:eqversion:5.5.3.3441

Trust: 1.0

vendor:polymodel:trio 8800scope:eqversion:5.5.3.3517

Trust: 1.0

vendor:polymodel:trio 8800scope:eqversion:5.7.1.4145

Trust: 1.0

vendor:polymodel:trio 8800scope:eqversion:5.4.3.2400

Trust: 1.0

vendor:polymodel:trio 8800scope:eqversion:5.5.2.11338

Trust: 1.0

vendor:polymodel:trio 8800scope:eqversion:5.4.0.12197

Trust: 1.0

vendor:polymodel:trio 8800scope:eqversion:5.5.2.11391

Trust: 1.0

vendor:polymodel:trio 8800scope:eqversion:5.4.3.2389

Trust: 1.0

vendor:polymodel:trio 8800scope:eqversion:5.7.1.4095

Trust: 1.0

vendor:polymodel:trio 8800scope:eqversion:5.4.4.7511

Trust: 1.0

vendor:polymodel:trio 8800scope:eqversion:5.4.5.9111

Trust: 1.0

vendor:polymodel:trio 8800scope:eqversion:5.4.1.17597

Trust: 1.0

vendor:polymodel:trio 8800scope:eqversion:5.4.4.7776

Trust: 1.0

vendor:polymodel:trio 8800scope:eqversion:5.7.1.4133

Trust: 1.0

vendor:polymodel:trio 8800scope:eqversion:5.4.3.2007

Trust: 1.0

vendor:polymodel:trio 8800scope:eqversion:5.4.0.12541

Trust: 1.0

vendor:polymodel:trio 8800scope:eqversion:5.4.4.7609

Trust: 1.0

vendor:polymodel:trio 8800scope:eqversion: -

Trust: 0.8

vendor:polymodel:trio 8800scope: - version: -

Trust: 0.8

vendor:polymodel:trio 8800scope:eqversion:trio 8800 firmware

Trust: 0.8

vendor:polycommodel:trioscope:eqversion:88005.7.1.4145

Trust: 0.6

sources: CNVD: CNVD-2022-09783 // JVNDB: JVNDB-2018-016634 // NVD: CVE-2018-17875

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-17875
value: HIGH

Trust: 1.0

NVD: CVE-2018-17875
value: HIGH

Trust: 0.8

CNVD: CNVD-2022-09783
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202112-2733
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2018-17875
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2022-09783
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2018-17875
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2018-17875
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2022-09783 // JVNDB: JVNDB-2018-016634 // CNNVD: CNNVD-202112-2733 // NVD: CVE-2018-17875

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:Lack of information (CWE-noinfo) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2018-016634 // NVD: CVE-2018-17875

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202112-2733

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202112-2733

PATCH

title:TRIO 8800url:https://www.poly.com/jp/ja/products/phones/trio/trio-8800

Trust: 0.8

title:Patch for Polycom Trio Remote Code Execution Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/318846

Trust: 0.6

title:Polycom Trio Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=176419

Trust: 0.6

sources: CNVD: CNVD-2022-09783 // JVNDB: JVNDB-2018-016634 // CNNVD: CNNVD-202112-2733

EXTERNAL IDS

db:NVDid:CVE-2018-17875

Trust: 3.9

db:JVNDBid:JVNDB-2018-016634

Trust: 0.8

db:CNVDid:CNVD-2022-09783

Trust: 0.6

db:CNNVDid:CNNVD-202112-2733

Trust: 0.6

db:VULMONid:CVE-2018-17875

Trust: 0.1

sources: CNVD: CNVD-2022-09783 // VULMON: CVE-2018-17875 // JVNDB: JVNDB-2018-016634 // CNNVD: CNNVD-202112-2733 // NVD: CVE-2018-17875

REFERENCES

url:http://unkl4b.github.io/authenticated-rce-in-polycom-trio-8800-pt-1/

Trust: 2.5

url:https://support.polycom.com/content/support/emea/emea/en/support/voice/polycom-trio/polycom-trio-8800.html

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2018-17875

Trust: 1.4

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2022-09783 // VULMON: CVE-2018-17875 // JVNDB: JVNDB-2018-016634 // CNNVD: CNNVD-202112-2733 // NVD: CVE-2018-17875

SOURCES

db:CNVDid:CNVD-2022-09783
db:VULMONid:CVE-2018-17875
db:JVNDBid:JVNDB-2018-016634
db:CNNVDid:CNNVD-202112-2733
db:NVDid:CVE-2018-17875

LAST UPDATE DATE

2024-08-14T14:25:05.242000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2022-09783date:2022-02-12T00:00:00
db:VULMONid:CVE-2018-17875date:2021-12-28T00:00:00
db:JVNDBid:JVNDB-2018-016634date:2023-01-17T01:09:00
db:CNNVDid:CNNVD-202112-2733date:2022-01-11T00:00:00
db:NVDid:CVE-2018-17875date:2022-01-10T13:58:42.737

SOURCES RELEASE DATE

db:CNVDid:CNVD-2022-09783date:2022-02-11T00:00:00
db:VULMONid:CVE-2018-17875date:2021-12-28T00:00:00
db:JVNDBid:JVNDB-2018-016634date:2023-01-17T00:00:00
db:CNNVDid:CNNVD-202112-2733date:2021-12-28T00:00:00
db:NVDid:CVE-2018-17875date:2021-12-28T13:15:07.947