CVE-2024-9579

A potential vulnerability was discovered in certain Poly video conferencing devices. The firmware flaw does not properly sanitize user input. The exploitation of this vulnerability is dependent on a layered attack and cannot be exploited by itself.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.6 / Impact : 5.9

Attack Vector ADJACENT_NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://support.hp.com/us-en/document/ish_11536495-11536533-16/hpsbpy03900	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:hp:poly_tc8_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:poly_tc8:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:hp:poly_tc10_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:poly_tc10:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:hp:poly_studio_g7500_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:poly_studio_g7500:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:hp:poly_studio_x30_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:poly_studio_x30:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:hp:poly_studio_x50_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:poly_studio_x50:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:hp:poly_studio_x70_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:poly_studio_x70:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:hp:poly_studio_x52_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:poly_studio_x52:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:hp:poly_studio_g62_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:poly_studio_g62:-:*:*:*:*:*:*:*

History

08 Nov 2024, 18:08

Type	Values Removed	Values Added
CPE		cpe:2.3:h:hp:poly_studio_x30:-:::::::* cpe:2.3:h:hp:poly_studio_x52:-:::::::* cpe:2.3:o:hp:poly_tc8_firmware:::::::: cpe:2.3:h:hp:poly_studio_x70:-:::::::* cpe:2.3:o:hp:poly_tc10_firmware:::::::: cpe:2.3:o:hp:poly_studio_g62_firmware:::::::: cpe:2.3:o:hp:poly_studio_x70_firmware:::::::: cpe:2.3:o:hp:poly_studio_g7500_firmware:::::::: cpe:2.3:o:hp:poly_studio_x52_firmware:::::::: cpe:2.3:h:hp:poly_studio_g7500:-:::::::* cpe:2.3:o:hp:poly_studio_x30_firmware:::::::: cpe:2.3:h:hp:poly_tc10:-:::::::* cpe:2.3:h:hp:poly_tc8:-:::::::* cpe:2.3:o:hp:poly_studio_x50_firmware:::::::: cpe:2.3:h:hp:poly_studio_g62:-:::::::* cpe:2.3:h:hp:poly_studio_x50:-:::::::*
First Time		Hp poly Studio X52 Firmware Hp poly Tc8 Firmware Hp poly Tc10 Firmware Hp poly Studio X30 Firmware Hp poly Studio G62 Firmware Hp poly Tc8 Hp poly Studio X50 Firmware Hp poly Tc10 Hp poly Studio X52 Hp poly Studio G7500 Hp poly Studio X30 Hp poly Studio G7500 Firmware Hp poly Studio G62 Hp Hp poly Studio X50 Hp poly Studio X70 Hp poly Studio X70 Firmware
References	~~() https://support.hp.com/us-en/document/ish_11536495-11536533-16/hpsbpy03900 -~~	() https://support.hp.com/us-en/document/ish_11536495-11536533-16/hpsbpy03900 - Vendor Advisory

06 Nov 2024, 18:17

Type	Values Removed	Values Added
Summary		(es) Se descubrió una vulnerabilidad potencial en ciertos dispositivos de videoconferencia de Poly. El fallo del firmware no desinfecta adecuadamente la entrada del usuario. La explotación de esta vulnerabilidad depende de un ataque en capas y no puede explotarse por sí sola.

05 Nov 2024, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-11-05 17:15

Updated : 2024-11-08 18:08

NVD link : CVE-2024-9579

Mitre link : CVE-2024-9579

CVE.ORG link : CVE-2024-9579

JSON object : View

Products Affected

poly_tc8
poly_studio_x52_firmware
poly_tc10
poly_tc10_firmware
poly_studio_g7500_firmware
poly_studio_x70
poly_studio_x30_firmware
poly_studio_x30
poly_studio_g7500
poly_studio_x50
poly_studio_g62
poly_studio_g62_firmware
poly_tc8_firmware
poly_studio_x52
poly_studio_x50_firmware
poly_studio_x70_firmware

CWE

CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

7.5 /10