Pour des raisons de sécurités, Polycom a retiré et émis une note pour le retraint des firmwares pour VVX en version 5.8.0, 5.7.2, 5.7.1 and 5.7.0
Due to a security issue, UC Software (5.8.0.12386, 5.7.2.1277, 5.7.1.2205, 5.7.0.11768) has been removed from the Support website, replacement software will be available soon. Visit the Security Center for the latest update on “Vulnerabilities in Polycom VVX Phones and UC Software.”
Bulletin de sécurité: Security Advisory - Polycom UCS Software Vulnerabilities Version 1.0
Impact and Risk
If the phone is configured to use web proxy but no web proxy credentials are provided, there is a risk that potentially disclose sensitive information.
This vulnerability could allow a privileged, local attacker, in specific circumstances, to read sensitive information
.
To exploit this vulnerability, an attacker must be able to access the VVX management interface and successfully log into an affected device.
The following releases are potentially vulnerable and have been pulled from the Polycom Support website:
•UCS 5.7.0.11768
•UCS 5.7.1.2205
•UCS 5.7.2.1277
•UCS 5.8.0.12386