CVE-2019-12948

A vulnerability in the web-based management interface of VVX, Trio, SoundStructure, SoundPoint, and SoundStation phones running Polycom UC Software, if exploited, could allow an authenticated, remote attacker with admin privileges to cause a denial of service (DoS) condition or execute arbitrary code.
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:polycom:unified_communications_software:*:*:*:*:*:*:*:*
cpe:2.3:o:polycom:unified_communications_software:*:*:*:*:*:*:*:*
cpe:2.3:o:polycom:unified_communications_software:*:*:*:*:*:*:*:*
OR cpe:2.3:h:polycom:c12:-:*:*:*:*:*:*:*
cpe:2.3:h:polycom:c16:-:*:*:*:*:*:*:*
cpe:2.3:h:polycom:c8:-:*:*:*:*:*:*:*
cpe:2.3:h:polycom:vvx150:-:*:*:*:*:*:*:*
cpe:2.3:h:polycom:vvx201:-:*:*:*:*:*:*:*
cpe:2.3:h:polycom:vvx250:-:*:*:*:*:*:*:*
cpe:2.3:h:polycom:vvx301:-:*:*:*:*:*:*:*
cpe:2.3:h:polycom:vvx311:-:*:*:*:*:*:*:*
cpe:2.3:h:polycom:vvx350:-:*:*:*:*:*:*:*
cpe:2.3:h:polycom:vvx401:-:*:*:*:*:*:*:*
cpe:2.3:h:polycom:vvx411:-:*:*:*:*:*:*:*
cpe:2.3:h:polycom:vvx450:-:*:*:*:*:*:*:*
cpe:2.3:h:polycom:vvx501:-:*:*:*:*:*:*:*
cpe:2.3:h:polycom:vvx601:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:polycom:united_communications_software:*:*:*:*:*:*:*:*
OR cpe:2.3:h:polycom:trio_8500:-:*:*:*:*:*:*:*
cpe:2.3:h:polycom:trio_8800:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:polycom:united_communications_software:*:*:*:*:*:*:*:*
OR cpe:2.3:h:polycom:soundpoint_ip_300:-:*:*:*:*:*:*:*
cpe:2.3:h:polycom:soundpoint_ip_301:-:*:*:*:*:*:*:*
cpe:2.3:h:polycom:soundpoint_ip_320:-:*:*:*:*:*:*:*
cpe:2.3:h:polycom:soundpoint_ip_321:-:*:*:*:*:*:*:*
cpe:2.3:h:polycom:soundpoint_ip_330:-:*:*:*:*:*:*:*
cpe:2.3:h:polycom:soundpoint_ip_331:-:*:*:*:*:*:*:*
cpe:2.3:h:polycom:soundpoint_ip_335:-:*:*:*:*:*:*:*
cpe:2.3:h:polycom:soundpoint_ip_430:-:*:*:*:*:*:*:*
cpe:2.3:h:polycom:soundpoint_ip_450:-:*:*:*:*:*:*:*
cpe:2.3:h:polycom:soundpoint_ip_500:-:*:*:*:*:*:*:*
cpe:2.3:h:polycom:soundpoint_ip_501:-:*:*:*:*:*:*:*
cpe:2.3:h:polycom:soundpoint_ip_550:-:*:*:*:*:*:*:*
cpe:2.3:h:polycom:soundpoint_ip_560:-:*:*:*:*:*:*:*
cpe:2.3:h:polycom:soundpoint_ip_600:-:*:*:*:*:*:*:*
cpe:2.3:h:polycom:soundpoint_ip_601:-:*:*:*:*:*:*:*
cpe:2.3:h:polycom:soundpoint_ip_650:-:*:*:*:*:*:*:*
cpe:2.3:h:polycom:soundpoint_ip_670:-:*:*:*:*:*:*:*
cpe:2.3:h:polycom:soundpoint_pro_se-220:-:*:*:*:*:*:*:*
cpe:2.3:h:polycom:soundpoint_pro_se-225:-:*:*:*:*:*:*:*
cpe:2.3:h:polycom:soundstation_duo:-:*:*:*:*:*:*:*
cpe:2.3:h:polycom:soundstation_ip_4000:-:*:*:*:*:*:*:*
cpe:2.3:h:polycom:soundstation_ip_5000:-:*:*:*:*:*:*:*
cpe:2.3:h:polycom:soundstation_ip_6000:-:*:*:*:*:*:*:*
cpe:2.3:h:polycom:soundstation_ip_7000:-:*:*:*:*:*:*:*
cpe:2.3:h:polycom:soundstation_ip_7000_video_integration:-:*:*:*:*:*:*:*
cpe:2.3:h:polycom:soundstation_vtx_1000:-:*:*:*:*:*:*:*
cpe:2.3:h:polycom:soundstation2:-:*:*:*:*:*:*:*
cpe:2.3:h:polycom:soundstation2_avaya_2490:-:*:*:*:*:*:*:*
cpe:2.3:h:polycom:soundstation2_direct_connect_for_nortel:-:*:*:*:*:*:*:*
cpe:2.3:h:polycom:soundstation2w:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
OR cpe:2.3:o:polycom:unified_communications_software:*:*:*:*:*:*:*:*
cpe:2.3:o:polycom:unified_communications_software:*:*:*:*:*:*:*:*
OR cpe:2.3:h:polycom:vvx300:-:*:*:*:*:*:*:*
cpe:2.3:h:polycom:vvx310:-:*:*:*:*:*:*:*
cpe:2.3:h:polycom:vvx400:-:*:*:*:*:*:*:*
cpe:2.3:h:polycom:vvx410:-:*:*:*:*:*:*:*
cpe:2.3:h:polycom:vvx500:-:*:*:*:*:*:*:*
cpe:2.3:h:polycom:vvx600:-:*:*:*:*:*:*:*

History

21 Nov 2024, 04:23

Type Values Removed Values Added
References () https://support.polycom.com/content/dam/polycom-support/global/documentation/remote-code-execution-vulnerability-in-ucs-software-v1-1.pdf - Vendor Advisory () https://support.polycom.com/content/dam/polycom-support/global/documentation/remote-code-execution-vulnerability-in-ucs-software-v1-1.pdf - Vendor Advisory

Information

Published : 2019-07-29 16:15

Updated : 2024-11-21 04:23


NVD link : CVE-2019-12948

Mitre link : CVE-2019-12948

CVE.ORG link : CVE-2019-12948


JSON object : View

Products Affected

polycom

  • soundpoint_ip_601
  • soundpoint_pro_se-220
  • vvx601
  • soundstation_ip_7000
  • soundpoint_ip_450
  • soundpoint_ip_321
  • soundstation_vtx_1000
  • united_communications_software
  • vvx250
  • soundstation2_avaya_2490
  • trio_8500
  • vvx150
  • soundpoint_ip_320
  • vvx411
  • vvx201
  • soundstation_duo
  • trio_8800
  • vvx311
  • unified_communications_software
  • soundpoint_ip_600
  • soundpoint_ip_335
  • soundstation_ip_5000
  • soundpoint_ip_650
  • soundpoint_ip_300
  • soundstation2w
  • soundpoint_ip_331
  • soundpoint_ip_500
  • soundpoint_ip_560
  • vvx450
  • soundpoint_ip_550
  • soundstation_ip_6000
  • soundstation_ip_4000
  • vvx401
  • vvx410
  • vvx301
  • vvx501
  • soundpoint_ip_301
  • soundstation2_direct_connect_for_nortel
  • c16
  • vvx600
  • vvx300
  • vvx310
  • soundpoint_pro_se-225
  • soundpoint_ip_670
  • vvx350
  • soundpoint_ip_330
  • c8
  • c12
  • vvx500
  • soundpoint_ip_501
  • soundstation_ip_7000_video_integration
  • soundstation2
  • soundpoint_ip_430
  • vvx400
CWE
CWE-749

Exposed Dangerous Method or Function