CVE-2019-12948 - Vulnerability Details

Vendors	Products
Polycom	C12 C16 C8 Soundpoint Ip 300 Soundpoint Ip 301 Soundpoint Ip 320 Soundpoint Ip 321 Soundpoint Ip 330 Soundpoint Ip 331 Soundpoint Ip 335 Soundpoint Ip 430 Soundpoint Ip 450 Soundpoint Ip 500 Soundpoint Ip 501 Soundpoint Ip 550 Soundpoint Ip 560 Soundpoint Ip 600 Soundpoint Ip 601 Soundpoint Ip 650 Soundpoint Ip 670 Soundpoint Pro Se-220 Soundpoint Pro Se-225 Soundstation2 Soundstation2 Avaya 2490 Soundstation2 Direct Connect For Nortel Soundstation2w Soundstation Duo Soundstation Ip 4000 Soundstation Ip 5000 Soundstation Ip 6000 Soundstation Ip 7000 Soundstation Ip 7000 Video Integration Soundstation Vtx 1000 Trio 8500 Trio 8800 Unified Communications Software United Communications Software Vvx150 Vvx201 Vvx250 Vvx300 Vvx301 Vvx310 Vvx311 Vvx350 Vvx400 Vvx401 Vvx410 Vvx411 Vvx450 Vvx500 Vvx501 Vvx600 Vvx601

Link	Providers
https://support.polycom.com/content/dam/polycom-support/global/documentation/remote-code-execution-vulnerability-in-ucs-software-v1-1.pdf

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the web-based management interface of VVX, Trio, SoundStructure, SoundPoint, and SoundStation phones running Polycom UC Software, if exploited, could allow an authenticated, remote attacker with admin privileges to cause a denial of service (DoS) condition or execute arbitrary code."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-08-02T20:40:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://support.polycom.com/content/dam/polycom-support/global/documentation/remote-code-execution-vulnerability-in-ucs-software-v1-1.pdf"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-12948", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in the web-based management interface of VVX, Trio, SoundStructure, SoundPoint, and SoundStation phones running Polycom UC Software, if exploited, could allow an authenticated, remote attacker with admin privileges to cause a denial of service (DoS) condition or execute arbitrary code."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://support.polycom.com/content/dam/polycom-support/global/documentation/remote-code-execution-vulnerability-in-ucs-software-v1-1.pdf", "refsource": "CONFIRM", "url": "https://support.polycom.com/content/dam/polycom-support/global/documentation/remote-code-execution-vulnerability-in-ucs-software-v1-1.pdf"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T23:32:55.646Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.polycom.com/content/dam/polycom-support/global/documentation/remote-code-execution-vulnerability-in-ucs-software-v1-1.pdf"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-12948", "datePublished": "2019-07-29T15:16:41", "dateReserved": "2019-06-24T00:00:00", "dateUpdated": "2024-08-04T23:32:55.646Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : n/a (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : A vulnerability in the web-based management interface of VVX, Trio, SoundStructure, SoundPoint, and SoundStation phones running Polycom UC Software, if exploited, could allow an authenticated, remote attacker with admin privileges to cause a denial of service (DoS) condition or execute arbitrary code. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : n/a (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2019-08-02T20:40:00 (string)

orgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

shortName : mitre (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://support.polycom.com/content/dam/polycom-support/global/documentation/remote-code-execution-vulnerability-in-ucs-software-v1-1.pdf (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : cve@mitre.org (string)

ID : CVE-2019-12948 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : n/a (string)

version : { »

version_data : [ »

0 : { »

version_value : n/a (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : A vulnerability in the web-based management interface of VVX, Trio, SoundStructure, SoundPoint, and SoundStation phones running Polycom UC Software, if exploited, could allow an authenticated, remote attacker with admin privileges to cause a denial of service (DoS) condition or execute arbitrary code. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : n/a (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://support.polycom.com/content/dam/polycom-support/global/documentation/remote-code-execution-vulnerability-in-ucs-software-v1-1.pdf (string)

refsource : CONFIRM (string)

url : https://support.polycom.com/content/dam/polycom-support/global/documentation/remote-code-execution-vulnerability-in-ucs-software-v1-1.pdf (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-04T23:32:55.646Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://support.polycom.com/content/dam/polycom-support/global/documentation/remote-code-execution-vulnerability-in-ucs-software-v1-1.pdf (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

assignerShortName : mitre (string)

cveId : CVE-2019-12948 (string)

datePublished : 2019-07-29T15:16:41 (string)

dateReserved : 2019-06-24T00:00:00 (string)

dateUpdated : 2024-08-04T23:32:55.646Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:polycom:unified_communications_software:*:*:*:*:*:*:*:*", "matchCriteriaId": "C625E971-506A-45F3-AD61-2070AEB0162F", "versionEndExcluding": "5.8.5.1256", "vulnerable": true}, {"criteria": "cpe:2.3:o:polycom:unified_communications_software:*:*:*:*:*:*:*:*", "matchCriteriaId": "DE3B1B9B-3210-44ED-A5F3-6C9C0C800E33", "versionEndExcluding": "5.9.3.2857", "versionStartIncluding": "5.9.3", "vulnerable": true}, {"criteria": "cpe:2.3:o:polycom:unified_communications_software:*:*:*:*:*:*:*:*", "matchCriteriaId": "33A63BC1-CB87-4C99-9549-B1DEB72BE4CC", "versionEndExcluding": "6.0.0.4839", "versionStartIncluding": "6.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:polycom:c12:-:*:*:*:*:*:*:*", "matchCriteriaId": "79199231-6249-4C12-9400-E1351A7E92BC", "vulnerable": false}, {"criteria": "cpe:2.3:h:polycom:c16:-:*:*:*:*:*:*:*", "matchCriteriaId": "8DAE9212-F081-49BA-8619-6C8A7D99313B", "vulnerable": false}, {"criteria": "cpe:2.3:h:polycom:c8:-:*:*:*:*:*:*:*", "matchCriteriaId": "BBFC659D-A7DF-458A-8161-2AF95954634E", "vulnerable": false}, {"criteria": "cpe:2.3:h:polycom:vvx150:-:*:*:*:*:*:*:*", "matchCriteriaId": "D1E17290-C123-4A51-AF39-B3BCFCE6FFA3", "vulnerable": false}, {"criteria": "cpe:2.3:h:polycom:vvx201:-:*:*:*:*:*:*:*", "matchCriteriaId": "9C2D973F-E4CA-4085-AFAF-F3FD48182144", "vulnerable": false}, {"criteria": "cpe:2.3:h:polycom:vvx250:-:*:*:*:*:*:*:*", "matchCriteriaId": "620A47C4-7D4D-4C26-A4F6-E95A414996E0", "vulnerable": false}, {"criteria": "cpe:2.3:h:polycom:vvx301:-:*:*:*:*:*:*:*", "matchCriteriaId": "ADD18487-B8DF-42C8-A068-6C7C495485C1", "vulnerable": false}, {"criteria": "cpe:2.3:h:polycom:vvx311:-:*:*:*:*:*:*:*", "matchCriteriaId": "3853AB2F-A836-4964-9E93-4D4B46F4A673", "vulnerable": false}, {"criteria": "cpe:2.3:h:polycom:vvx350:-:*:*:*:*:*:*:*", "matchCriteriaId": "E0F28EF6-3F2B-4F0E-8349-F86EF0A65280", "vulnerable": false}, {"criteria": "cpe:2.3:h:polycom:vvx401:-:*:*:*:*:*:*:*", "matchCriteriaId": "D822D5C9-8C15-4CE9-AC65-A0C3C76B1F03", "vulnerable": false}, {"criteria": "cpe:2.3:h:polycom:vvx411:-:*:*:*:*:*:*:*", "matchCriteriaId": "70824863-4F2C-4619-B5E1-22C4B41C0ADE", "vulnerable": false}, {"criteria": "cpe:2.3:h:polycom:vvx450:-:*:*:*:*:*:*:*", "matchCriteriaId": "4F721F0B-538B-482F-8A59-CFE4E388281F", "vulnerable": false}, {"criteria": "cpe:2.3:h:polycom:vvx501:-:*:*:*:*:*:*:*", "matchCriteriaId": "2D54DCE1-77EE-493A-B1B6-9C1D7C952180", "vulnerable": false}, {"criteria": "cpe:2.3:h:polycom:vvx601:-:*:*:*:*:*:*:*", "matchCriteriaId": "303F10D5-C6AC-4025-88D6-2368E904F327", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:polycom:united_communications_software:*:*:*:*:*:*:*:*", "matchCriteriaId": "B5A23ECE-B6DD-4C6F-99C4-3A324947826D", "versionEndExcluding": "5.9.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:polycom:trio_8500:-:*:*:*:*:*:*:*", "matchCriteriaId": "F43818E9-D3DE-45A7-8667-7B6B16625B97", "vulnerable": false}, {"criteria": "cpe:2.3:h:polycom:trio_8800:-:*:*:*:*:*:*:*", "matchCriteriaId": "48C05AC7-2D6E-4301-B312-EEFF9038EFC0", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:polycom:united_communications_software:*:*:*:*:*:*:*:*", "matchCriteriaId": "382C5E71-16F4-4E76-BC22-01D81BE4D618", "versionEndExcluding": "4.0.14.1580", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:polycom:soundpoint_ip_300:-:*:*:*:*:*:*:*", "matchCriteriaId": "820C5839-7C52-4B88-90DA-C6C21FEFD0A2", "vulnerable": false}, {"criteria": "cpe:2.3:h:polycom:soundpoint_ip_301:-:*:*:*:*:*:*:*", "matchCriteriaId": "3D7424D6-2CE0-48A3-AFB0-C5D30819FF8C", "vulnerable": false}, {"criteria": "cpe:2.3:h:polycom:soundpoint_ip_320:-:*:*:*:*:*:*:*", "matchCriteriaId": "1956CD6A-BF80-4B6F-B07C-311667066BBF", "vulnerable": false}, {"criteria": "cpe:2.3:h:polycom:soundpoint_ip_321:-:*:*:*:*:*:*:*", "matchCriteriaId": "D22FD3DF-A86C-41C6-A744-685ED5F6609E", "vulnerable": false}, {"criteria": "cpe:2.3:h:polycom:soundpoint_ip_330:-:*:*:*:*:*:*:*", "matchCriteriaId": "44A5EBB0-BBFE-49DE-8D63-7A7AC59E89C2", "vulnerable": false}, {"criteria": "cpe:2.3:h:polycom:soundpoint_ip_331:-:*:*:*:*:*:*:*", "matchCriteriaId": "EDA78F69-32BE-4675-A98A-B7FCF40627FB", "vulnerable": false}, {"criteria": "cpe:2.3:h:polycom:soundpoint_ip_335:-:*:*:*:*:*:*:*", "matchCriteriaId": "90416A73-992C-477D-9E0A-1F5170E9F884", "vulnerable": false}, {"criteria": "cpe:2.3:h:polycom:soundpoint_ip_430:-:*:*:*:*:*:*:*", "matchCriteriaId": "8C73B2DB-06ED-44F5-BCBF-214E3EA74CB8", "vulnerable": false}, {"criteria": "cpe:2.3:h:polycom:soundpoint_ip_450:-:*:*:*:*:*:*:*", "matchCriteriaId": "DDD8F2D8-EBD9-41F7-8FED-13B8E827372C", "vulnerable": false}, {"criteria": "cpe:2.3:h:polycom:soundpoint_ip_500:-:*:*:*:*:*:*:*", "matchCriteriaId": "1983CB3C-E88B-4355-9AF3-34F9D103A06A", "vulnerable": false}, {"criteria": "cpe:2.3:h:polycom:soundpoint_ip_501:-:*:*:*:*:*:*:*", "matchCriteriaId": "7209DA9E-F392-44D9-A8D7-0403AD483D4F", "vulnerable": false}, {"criteria": "cpe:2.3:h:polycom:soundpoint_ip_550:-:*:*:*:*:*:*:*", "matchCriteriaId": "8840D5B2-33C8-438C-8C32-6B7702B571D9", "vulnerable": false}, {"criteria": "cpe:2.3:h:polycom:soundpoint_ip_560:-:*:*:*:*:*:*:*", "matchCriteriaId": "2B071EF0-9F8D-4841-912F-41B82A43819D", "vulnerable": false}, {"criteria": "cpe:2.3:h:polycom:soundpoint_ip_600:-:*:*:*:*:*:*:*", "matchCriteriaId": "B153D064-C831-46AB-BC3C-32601CBDD251", "vulnerable": false}, {"criteria": "cpe:2.3:h:polycom:soundpoint_ip_601:-:*:*:*:*:*:*:*", "matchCriteriaId": "B75A9809-5378-4C58-9E5A-909492DD2360", "vulnerable": false}, {"criteria": "cpe:2.3:h:polycom:soundpoint_ip_650:-:*:*:*:*:*:*:*", "matchCriteriaId": "EF786C93-9283-40BB-8F6E-F2A1527E8513", "vulnerable": false}, {"criteria": "cpe:2.3:h:polycom:soundpoint_ip_670:-:*:*:*:*:*:*:*", "matchCriteriaId": "6757D2C2-8010-4EB9-A0B5-564FD8E1D7F7", "vulnerable": false}, {"criteria": "cpe:2.3:h:polycom:soundpoint_pro_se-220:-:*:*:*:*:*:*:*", "matchCriteriaId": "424B0E05-DFAC-4AC0-B079-66136051A94E", "vulnerable": false}, {"criteria": "cpe:2.3:h:polycom:soundpoint_pro_se-225:-:*:*:*:*:*:*:*", "matchCriteriaId": "99B9F4C3-1965-4278-863B-4DDE46C9BFC4", "vulnerable": false}, {"criteria": "cpe:2.3:h:polycom:soundstation_duo:-:*:*:*:*:*:*:*", "matchCriteriaId": "051C3271-88A0-42E2-8A2F-32DF20B5FF6B", "vulnerable": false}, {"criteria": "cpe:2.3:h:polycom:soundstation_ip_4000:-:*:*:*:*:*:*:*", "matchCriteriaId": "51B28075-E9F4-41E7-B6DE-222DD5D4A4A6", "vulnerable": false}, {"criteria": "cpe:2.3:h:polycom:soundstation_ip_5000:-:*:*:*:*:*:*:*", "matchCriteriaId": "F7594DBE-73CA-42F9-9134-F69508BEA110", "vulnerable": false}, {"criteria": "cpe:2.3:h:polycom:soundstation_ip_6000:-:*:*:*:*:*:*:*", "matchCriteriaId": "C4FFCAC7-25C9-4640-8B97-7557BB13E07E", "vulnerable": false}, {"criteria": "cpe:2.3:h:polycom:soundstation_ip_7000:-:*:*:*:*:*:*:*", "matchCriteriaId": "B9EE2AC3-483B-43FE-B83F-6E19C1D8AFA8", "vulnerable": false}, {"criteria": "cpe:2.3:h:polycom:soundstation_ip_7000_video_integration:-:*:*:*:*:*:*:*", "matchCriteriaId": "89ED69EB-7E36-4383-BE2B-BC8FB3F94E3A", "vulnerable": false}, {"criteria": "cpe:2.3:h:polycom:soundstation_vtx_1000:-:*:*:*:*:*:*:*", "matchCriteriaId": "BE5ED780-8889-42F5-8F63-4483E3A56936", "vulnerable": false}, {"criteria": "cpe:2.3:h:polycom:soundstation2:-:*:*:*:*:*:*:*", "matchCriteriaId": "14CAD094-E94C-4581-856E-EB132F16F6C4", "vulnerable": false}, {"criteria": "cpe:2.3:h:polycom:soundstation2_avaya_2490:-:*:*:*:*:*:*:*", "matchCriteriaId": "A04ABECE-F4E0-4F16-8BA1-9B7E86FE144C", "vulnerable": false}, {"criteria": "cpe:2.3:h:polycom:soundstation2_direct_connect_for_nortel:-:*:*:*:*:*:*:*", "matchCriteriaId": "863AE311-1557-41EC-BBE0-296E25B533E9", "vulnerable": false}, {"criteria": "cpe:2.3:h:polycom:soundstation2w:-:*:*:*:*:*:*:*", "matchCriteriaId": "D02DBC31-14D7-484E-A68F-C5F076CB1CA3", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:polycom:unified_communications_software:*:*:*:*:*:*:*:*", "matchCriteriaId": "C625E971-506A-45F3-AD61-2070AEB0162F", "versionEndExcluding": "5.8.5.1256", "vulnerable": true}, {"criteria": "cpe:2.3:o:polycom:unified_communications_software:*:*:*:*:*:*:*:*", "matchCriteriaId": "DE3B1B9B-3210-44ED-A5F3-6C9C0C800E33", "versionEndExcluding": "5.9.3.2857", "versionStartIncluding": "5.9.3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:polycom:vvx300:-:*:*:*:*:*:*:*", "matchCriteriaId": "9A36BDB2-1DB7-4D2F-B8AD-609C010B66A8", "vulnerable": false}, {"criteria": "cpe:2.3:h:polycom:vvx310:-:*:*:*:*:*:*:*", "matchCriteriaId": "F09F121C-EBBF-4B31-829F-6B584539EE0D", "vulnerable": false}, {"criteria": "cpe:2.3:h:polycom:vvx400:-:*:*:*:*:*:*:*", "matchCriteriaId": "A3882D3C-6A93-4AB6-9B51-2D19571FC45C", "vulnerable": false}, {"criteria": "cpe:2.3:h:polycom:vvx410:-:*:*:*:*:*:*:*", "matchCriteriaId": "28428904-FFBB-4BEF-ABD2-468D81D675C5", "vulnerable": false}, {"criteria": "cpe:2.3:h:polycom:vvx500:-:*:*:*:*:*:*:*", "matchCriteriaId": "2A64CAE3-6218-4828-BF53-0D61DF0134DE", "vulnerable": false}, {"criteria": "cpe:2.3:h:polycom:vvx600:-:*:*:*:*:*:*:*", "matchCriteriaId": "824C0FC8-C91D-4ADE-B105-87C8DD6C3603", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A vulnerability in the web-based management interface of VVX, Trio, SoundStructure, SoundPoint, and SoundStation phones running Polycom UC Software, if exploited, could allow an authenticated, remote attacker with admin privileges to cause a denial of service (DoS) condition or execute arbitrary code."}, {"lang": "es", "value": "Una vulnerabilidad en la interfaz de administraci\u00f3n basada en web de los tel\u00e9fonos VVX, Trio, SoundStructure, SoundPoint y SoundStation que ejecutan el software Polycom UC, si se explota, podr\u00eda permitir que un atacante remoto autenticado con privilegios de administrador cause una condici\u00f3n de denegaci\u00f3n de servicio (DoS) o ejecutar c\u00f3digo arbitrario"}], "id": "CVE-2019-12948", "lastModified": "2024-11-21T04:23:52.900", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.5, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-07-29T16:15:12.647", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://support.polycom.com/content/dam/polycom-support/global/documentation/remote-code-execution-vulnerability-in-ucs-software-v1-1.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.polycom.com/content/dam/polycom-support/global/documentation/remote-code-execution-vulnerability-in-ucs-software-v1-1.pdf"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-749"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:polycom:unified_communications_software:*:*:*:*:*:*:*:* (string)

matchCriteriaId : C625E971-506A-45F3-AD61-2070AEB0162F (string)

versionEndExcluding : 5.8.5.1256 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:o:polycom:unified_communications_software:*:*:*:*:*:*:*:* (string)

matchCriteriaId : DE3B1B9B-3210-44ED-A5F3-6C9C0C800E33 (string)

versionEndExcluding : 5.9.3.2857 (string)

versionStartIncluding : 5.9.3 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:o:polycom:unified_communications_software:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 33A63BC1-CB87-4C99-9549-B1DEB72BE4CC (string)

versionEndExcluding : 6.0.0.4839 (string)

versionStartIncluding : 6.0.0 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:polycom:c12:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 79199231-6249-4C12-9400-E1351A7E92BC (string)

vulnerable : false (boolean)

}

1 : { »

criteria : cpe:2.3:h:polycom:c16:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 8DAE9212-F081-49BA-8619-6C8A7D99313B (string)

vulnerable : false (boolean)

}

2 : { »

criteria : cpe:2.3:h:polycom:c8:-:*:*:*:*:*:*:* (string)

matchCriteriaId : BBFC659D-A7DF-458A-8161-2AF95954634E (string)

vulnerable : false (boolean)

}

3 : { »

criteria : cpe:2.3:h:polycom:vvx150:-:*:*:*:*:*:*:* (string)

matchCriteriaId : D1E17290-C123-4A51-AF39-B3BCFCE6FFA3 (string)

vulnerable : false (boolean)

}

4 : { »

criteria : cpe:2.3:h:polycom:vvx201:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 9C2D973F-E4CA-4085-AFAF-F3FD48182144 (string)

vulnerable : false (boolean)

}

5 : { »

criteria : cpe:2.3:h:polycom:vvx250:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 620A47C4-7D4D-4C26-A4F6-E95A414996E0 (string)

vulnerable : false (boolean)

}

6 : { »

criteria : cpe:2.3:h:polycom:vvx301:-:*:*:*:*:*:*:* (string)

matchCriteriaId : ADD18487-B8DF-42C8-A068-6C7C495485C1 (string)

vulnerable : false (boolean)

}

7 : { »

criteria : cpe:2.3:h:polycom:vvx311:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 3853AB2F-A836-4964-9E93-4D4B46F4A673 (string)

vulnerable : false (boolean)

}

8 : { »

criteria : cpe:2.3:h:polycom:vvx350:-:*:*:*:*:*:*:* (string)

matchCriteriaId : E0F28EF6-3F2B-4F0E-8349-F86EF0A65280 (string)

vulnerable : false (boolean)

}

9 : { »

criteria : cpe:2.3:h:polycom:vvx401:-:*:*:*:*:*:*:* (string)

matchCriteriaId : D822D5C9-8C15-4CE9-AC65-A0C3C76B1F03 (string)

vulnerable : false (boolean)

}

10 : { »

criteria : cpe:2.3:h:polycom:vvx411:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 70824863-4F2C-4619-B5E1-22C4B41C0ADE (string)

vulnerable : false (boolean)

}

11 : { »

criteria : cpe:2.3:h:polycom:vvx450:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 4F721F0B-538B-482F-8A59-CFE4E388281F (string)

vulnerable : false (boolean)

}

12 : { »

criteria : cpe:2.3:h:polycom:vvx501:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 2D54DCE1-77EE-493A-B1B6-9C1D7C952180 (string)

vulnerable : false (boolean)

}

13 : { »

criteria : cpe:2.3:h:polycom:vvx601:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 303F10D5-C6AC-4025-88D6-2368E904F327 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

1 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:polycom:united_communications_software:*:*:*:*:*:*:*:* (string)

matchCriteriaId : B5A23ECE-B6DD-4C6F-99C4-3A324947826D (string)

versionEndExcluding : 5.9.0 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:polycom:trio_8500:-:*:*:*:*:*:*:* (string)

matchCriteriaId : F43818E9-D3DE-45A7-8667-7B6B16625B97 (string)

vulnerable : false (boolean)

}

1 : { »

criteria : cpe:2.3:h:polycom:trio_8800:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 48C05AC7-2D6E-4301-B312-EEFF9038EFC0 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

2 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:polycom:united_communications_software:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 382C5E71-16F4-4E76-BC22-01D81BE4D618 (string)

versionEndExcluding : 4.0.14.1580 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:polycom:soundpoint_ip_300:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 820C5839-7C52-4B88-90DA-C6C21FEFD0A2 (string)

vulnerable : false (boolean)

}

1 : { »

criteria : cpe:2.3:h:polycom:soundpoint_ip_301:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 3D7424D6-2CE0-48A3-AFB0-C5D30819FF8C (string)

vulnerable : false (boolean)

}

2 : { »

criteria : cpe:2.3:h:polycom:soundpoint_ip_320:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 1956CD6A-BF80-4B6F-B07C-311667066BBF (string)

vulnerable : false (boolean)

}

3 : { »

criteria : cpe:2.3:h:polycom:soundpoint_ip_321:-:*:*:*:*:*:*:* (string)

matchCriteriaId : D22FD3DF-A86C-41C6-A744-685ED5F6609E (string)

vulnerable : false (boolean)

}

4 : { »

criteria : cpe:2.3:h:polycom:soundpoint_ip_330:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 44A5EBB0-BBFE-49DE-8D63-7A7AC59E89C2 (string)

vulnerable : false (boolean)

}

5 : { »

criteria : cpe:2.3:h:polycom:soundpoint_ip_331:-:*:*:*:*:*:*:* (string)

matchCriteriaId : EDA78F69-32BE-4675-A98A-B7FCF40627FB (string)

vulnerable : false (boolean)

}

6 : { »

criteria : cpe:2.3:h:polycom:soundpoint_ip_335:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 90416A73-992C-477D-9E0A-1F5170E9F884 (string)

vulnerable : false (boolean)

}

7 : { »

criteria : cpe:2.3:h:polycom:soundpoint_ip_430:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 8C73B2DB-06ED-44F5-BCBF-214E3EA74CB8 (string)

vulnerable : false (boolean)

}

8 : { »

criteria : cpe:2.3:h:polycom:soundpoint_ip_450:-:*:*:*:*:*:*:* (string)

matchCriteriaId : DDD8F2D8-EBD9-41F7-8FED-13B8E827372C (string)

vulnerable : false (boolean)

}

9 : { »

criteria : cpe:2.3:h:polycom:soundpoint_ip_500:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 1983CB3C-E88B-4355-9AF3-34F9D103A06A (string)

vulnerable : false (boolean)

}

10 : { »

criteria : cpe:2.3:h:polycom:soundpoint_ip_501:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 7209DA9E-F392-44D9-A8D7-0403AD483D4F (string)

vulnerable : false (boolean)

}

11 : { »

criteria : cpe:2.3:h:polycom:soundpoint_ip_550:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 8840D5B2-33C8-438C-8C32-6B7702B571D9 (string)

vulnerable : false (boolean)

}

12 : { »

criteria : cpe:2.3:h:polycom:soundpoint_ip_560:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 2B071EF0-9F8D-4841-912F-41B82A43819D (string)

vulnerable : false (boolean)

}

13 : { »

criteria : cpe:2.3:h:polycom:soundpoint_ip_600:-:*:*:*:*:*:*:* (string)

matchCriteriaId : B153D064-C831-46AB-BC3C-32601CBDD251 (string)

vulnerable : false (boolean)

}

14 : { »

criteria : cpe:2.3:h:polycom:soundpoint_ip_601:-:*:*:*:*:*:*:* (string)

matchCriteriaId : B75A9809-5378-4C58-9E5A-909492DD2360 (string)

vulnerable : false (boolean)

}

15 : { »

criteria : cpe:2.3:h:polycom:soundpoint_ip_650:-:*:*:*:*:*:*:* (string)

matchCriteriaId : EF786C93-9283-40BB-8F6E-F2A1527E8513 (string)

vulnerable : false (boolean)

}

16 : { »

criteria : cpe:2.3:h:polycom:soundpoint_ip_670:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 6757D2C2-8010-4EB9-A0B5-564FD8E1D7F7 (string)

vulnerable : false (boolean)

}

17 : { »

criteria : cpe:2.3:h:polycom:soundpoint_pro_se-220:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 424B0E05-DFAC-4AC0-B079-66136051A94E (string)

vulnerable : false (boolean)

}

18 : { »

criteria : cpe:2.3:h:polycom:soundpoint_pro_se-225:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 99B9F4C3-1965-4278-863B-4DDE46C9BFC4 (string)

vulnerable : false (boolean)

}

19 : { »

criteria : cpe:2.3:h:polycom:soundstation_duo:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 051C3271-88A0-42E2-8A2F-32DF20B5FF6B (string)

vulnerable : false (boolean)

}

20 : { »

criteria : cpe:2.3:h:polycom:soundstation_ip_4000:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 51B28075-E9F4-41E7-B6DE-222DD5D4A4A6 (string)

vulnerable : false (boolean)

}

21 : { »

criteria : cpe:2.3:h:polycom:soundstation_ip_5000:-:*:*:*:*:*:*:* (string)

matchCriteriaId : F7594DBE-73CA-42F9-9134-F69508BEA110 (string)

vulnerable : false (boolean)

}

22 : { »

criteria : cpe:2.3:h:polycom:soundstation_ip_6000:-:*:*:*:*:*:*:* (string)

matchCriteriaId : C4FFCAC7-25C9-4640-8B97-7557BB13E07E (string)

vulnerable : false (boolean)

}

23 : { »

criteria : cpe:2.3:h:polycom:soundstation_ip_7000:-:*:*:*:*:*:*:* (string)

matchCriteriaId : B9EE2AC3-483B-43FE-B83F-6E19C1D8AFA8 (string)

vulnerable : false (boolean)

}

24 : { »

criteria : cpe:2.3:h:polycom:soundstation_ip_7000_video_integration:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 89ED69EB-7E36-4383-BE2B-BC8FB3F94E3A (string)

vulnerable : false (boolean)

}

25 : { »

criteria : cpe:2.3:h:polycom:soundstation_vtx_1000:-:*:*:*:*:*:*:* (string)

matchCriteriaId : BE5ED780-8889-42F5-8F63-4483E3A56936 (string)

vulnerable : false (boolean)

}

26 : { »

criteria : cpe:2.3:h:polycom:soundstation2:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 14CAD094-E94C-4581-856E-EB132F16F6C4 (string)

vulnerable : false (boolean)

}

27 : { »

criteria : cpe:2.3:h:polycom:soundstation2_avaya_2490:-:*:*:*:*:*:*:* (string)

matchCriteriaId : A04ABECE-F4E0-4F16-8BA1-9B7E86FE144C (string)

vulnerable : false (boolean)

}

28 : { »

criteria : cpe:2.3:h:polycom:soundstation2_direct_connect_for_nortel:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 863AE311-1557-41EC-BBE0-296E25B533E9 (string)

vulnerable : false (boolean)

}

29 : { »

criteria : cpe:2.3:h:polycom:soundstation2w:-:*:*:*:*:*:*:* (string)

matchCriteriaId : D02DBC31-14D7-484E-A68F-C5F076CB1CA3 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

3 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:polycom:unified_communications_software:*:*:*:*:*:*:*:* (string)

matchCriteriaId : C625E971-506A-45F3-AD61-2070AEB0162F (string)

versionEndExcluding : 5.8.5.1256 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:o:polycom:unified_communications_software:*:*:*:*:*:*:*:* (string)

matchCriteriaId : DE3B1B9B-3210-44ED-A5F3-6C9C0C800E33 (string)

versionEndExcluding : 5.9.3.2857 (string)

versionStartIncluding : 5.9.3 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:polycom:vvx300:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 9A36BDB2-1DB7-4D2F-B8AD-609C010B66A8 (string)

vulnerable : false (boolean)

}

1 : { »

criteria : cpe:2.3:h:polycom:vvx310:-:*:*:*:*:*:*:* (string)

matchCriteriaId : F09F121C-EBBF-4B31-829F-6B584539EE0D (string)

vulnerable : false (boolean)

}

2 : { »

criteria : cpe:2.3:h:polycom:vvx400:-:*:*:*:*:*:*:* (string)

matchCriteriaId : A3882D3C-6A93-4AB6-9B51-2D19571FC45C (string)

vulnerable : false (boolean)

}

3 : { »

criteria : cpe:2.3:h:polycom:vvx410:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 28428904-FFBB-4BEF-ABD2-468D81D675C5 (string)

vulnerable : false (boolean)

}

4 : { »

criteria : cpe:2.3:h:polycom:vvx500:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 2A64CAE3-6218-4828-BF53-0D61DF0134DE (string)

vulnerable : false (boolean)

}

5 : { »

criteria : cpe:2.3:h:polycom:vvx600:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 824C0FC8-C91D-4ADE-B105-87C8DD6C3603 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : A vulnerability in the web-based management interface of VVX, Trio, SoundStructure, SoundPoint, and SoundStation phones running Polycom UC Software, if exploited, could allow an authenticated, remote attacker with admin privileges to cause a denial of service (DoS) condition or execute arbitrary code. (string)

}

1 : { »

lang : es (string)

value : Una vulnerabilidad en la interfaz de administración basada en web de los teléfonos VVX, Trio, SoundStructure, SoundPoint y SoundStation que ejecutan el software Polycom UC, si se explota, podría permitir que un atacante remoto autenticado con privilegios de administrador cause una condición de denegación de servicio (DoS) o ejecutar código arbitrario (string)

}

]

id : CVE-2019-12948 (string)

lastModified : 2024-11-21T04:23:52.900 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : SINGLE (string)

availabilityImpact : PARTIAL (string)

baseScore : 6.5 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : PARTIAL (string)

vectorString : AV:N/AC:L/Au:S/C:P/I:P/A:P (string)

version : 2.0 (string)

}

exploitabilityScore : 8 (number)

impactScore : 6.4 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV30 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : LOW (string)

baseScore : 8.3 (number)

baseSeverity : HIGH (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : LOW (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L (string)

version : 3.0 (string)

}

exploitabilityScore : 2.8 (number)

impactScore : 5.5 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2019-07-29T16:15:12.647 (string)

references : [ »

0 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://support.polycom.com/content/dam/polycom-support/global/documentation/remote-code-execution-vulnerability-in-ucs-software-v1-1.pdf (string)

}

1 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://support.polycom.com/content/dam/polycom-support/global/documentation/remote-code-execution-vulnerability-in-ucs-software-v1-1.pdf (string)

}

]

sourceIdentifier : cve@mitre.org (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-749 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object