CVE-2017-12857 - Vulnerability Details - OpenCVE

Polycom SoundStation IP, VVX, and RealPresence Trio that are running software older than UCS 4.0.12, 5.4.5 rev AG, 5.4.7, 5.5.2, or 5.6.0 are affected by a vulnerability in their UCS web application. This vulnerability could allow an authenticated remote attacker to read a segment of the phone's memory which could contain an administrator's password or other sensitive information.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Polycom	Realpresence Trio Soundstation Ip Unified Communications Software Vvx

Configuration 1 [-]

AND

cpe:2.3:o:polycom:unified_communications_software:*:*:*:*:*:*:*:*

cpe:2.3:h:polycom:soundstation_ip:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

OR	cpe:2.3:o:polycom:unified_communications_software::::::::
	cpe:2.3:o:polycom:unified_communications_software::::::::

cpe:2.3:h:polycom:vvx:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:polycom:unified_communications_software:*:*:*:*:*:*:*:*

cpe:2.3:h:polycom:realpresence_trio:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://support.polycom.com/content/dam/polycom-support/global/documentation/security-advisory-information-disclosure-on-polycom-voice-products-v1.0.pdf
http://www.securitytracker.com/id/1039309

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2017-08-25T19:00:00

Updated: 2024-08-05T18:51:06.775Z

Reserved: 2017-08-15T00:00:00

Link: CVE-2017-12857

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2017-08-25T19:29:00.270

Modified: 2025-04-20T01:37:25.860

Link: CVE-2017-12857

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-08-25T00:00:00", "descriptions": [{"lang": "en", "value": "Polycom SoundStation IP, VVX, and RealPresence Trio that are running software older than UCS 4.0.12, 5.4.5 rev AG, 5.4.7, 5.5.2, or 5.6.0 are affected by a vulnerability in their UCS web application. This vulnerability could allow an authenticated remote attacker to read a segment of the phone's memory which could contain an administrator's password or other sensitive information."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-12T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "1039309", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1039309"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.polycom.com/content/dam/polycom-support/global/documentation/security-advisory-information-disclosure-on-polycom-voice-products-v1.0.pdf"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-12857", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Polycom SoundStation IP, VVX, and RealPresence Trio that are running software older than UCS 4.0.12, 5.4.5 rev AG, 5.4.7, 5.5.2, or 5.6.0 are affected by a vulnerability in their UCS web application. This vulnerability could allow an authenticated remote attacker to read a segment of the phone's memory which could contain an administrator's password or other sensitive information."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "1039309", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1039309"}, {"name": "http://support.polycom.com/content/dam/polycom-support/global/documentation/security-advisory-information-disclosure-on-polycom-voice-products-v1.0.pdf", "refsource": "CONFIRM", "url": "http://support.polycom.com/content/dam/polycom-support/global/documentation/security-advisory-information-disclosure-on-polycom-voice-products-v1.0.pdf"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T18:51:06.775Z"}, "title": "CVE Program Container", "references": [{"name": "1039309", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1039309"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.polycom.com/content/dam/polycom-support/global/documentation/security-advisory-information-disclosure-on-polycom-voice-products-v1.0.pdf"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-12857", "datePublished": "2017-08-25T19:00:00", "dateReserved": "2017-08-15T00:00:00", "dateUpdated": "2024-08-05T18:51:06.775Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:polycom:unified_communications_software:*:*:*:*:*:*:*:*", "matchCriteriaId": "499B2603-7408-4EC4-9176-CF36DCAC2D5D", "versionEndIncluding": "4.0.11", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:polycom:soundstation_ip:-:*:*:*:*:*:*:*", "matchCriteriaId": "D084EA08-E7A4-415E-803F-11E7BA1119AA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:polycom:unified_communications_software:*:*:*:*:*:*:*:*", "matchCriteriaId": "67FF91FF-524B-43F9-993A-6A67596CDE8F", "versionEndIncluding": "5.4.6", "vulnerable": true}, {"criteria": "cpe:2.3:o:polycom:unified_communications_software:*:*:*:*:*:*:*:*", "matchCriteriaId": "10B74669-87A8-4639-A814-2B09B782C064", "versionEndIncluding": "5.5.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:polycom:vvx:-:*:*:*:*:*:*:*", "matchCriteriaId": "FBC78465-4DD8-42E7-84A5-DB8153659E97", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:polycom:unified_communications_software:*:*:*:*:*:*:*:*", "matchCriteriaId": "0C4D4484-464C-44DF-8974-376A1F73CC05", "versionEndIncluding": "5.4.4", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:polycom:realpresence_trio:-:*:*:*:*:*:*:*", "matchCriteriaId": "DB194641-9EC3-4B52-BAC8-2BB3C1C67F3B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Polycom SoundStation IP, VVX, and RealPresence Trio that are running software older than UCS 4.0.12, 5.4.5 rev AG, 5.4.7, 5.5.2, or 5.6.0 are affected by a vulnerability in their UCS web application. This vulnerability could allow an authenticated remote attacker to read a segment of the phone's memory which could contain an administrator's password or other sensitive information."}, {"lang": "es", "value": "Polycom SoundStation IP, VVX, y RealPresence Trio que ejecuten software anterior a UCS 4.0.12, 5.4.5 rev AG, 5.4.7, 5.5.2, o 5.6.0 se han visto afectadas por una vulnerabilidad en la aplicaci\u00f3n web UCS. Esta vulnerabilidad podr\u00eda permitir que un atacante remoto autenticado leyese un segmento de la memoria del tel\u00e9fono, el cual podr\u00eda contener una contrase\u00f1a de administrador u otro tipo de informaci\u00f3n sensible."}], "id": "CVE-2017-12857", "lastModified": "2025-04-20T01:37:25.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-08-25T19:29:00.270", "references": [{"source": "cve@mitre.org", "tags": ["Mitigation", "Vendor Advisory"], "url": "http://support.polycom.com/content/dam/polycom-support/global/documentation/security-advisory-information-disclosure-on-polycom-voice-products-v1.0.pdf"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id/1039309"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mitigation", "Vendor Advisory"], "url": "http://support.polycom.com/content/dam/polycom-support/global/documentation/security-advisory-information-disclosure-on-polycom-voice-products-v1.0.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1039309"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}