Pour des raisons de sécurités, Polycom a retiré et émis une note pour le retraint des firmwares pour VVX en version 5.8.0, 5.7.2, 5.7.1 and 5.7.0
Due to a security issue, UC Software (184.108.40.20686, 220.127.116.117, 18.104.22.1685, 22.214.171.12468) has been removed from the Support website, replacement software will be available soon. Visit the Security Center for the latest update on “Vulnerabilities in Polycom VVX Phones and UC Software.”
Notes ici: https://community.polycom.com/t5/Skype-for-Business/Security-VVX-UC-Software-5-8-0-5-7-2-5-7-1-and-5-7-0-has-been/m-p/99535
Bulletin de sécurité: Security Advisory - Polycom UCS Software Vulnerabilities Version 1.0
Impact and RiskIf the phone is configured to use web proxy but no web proxy credentials are provided, there is a risk that potentially disclose sensitive information.This vulnerability could allow a privileged, local attacker, in specific circumstances, to read sensitive information.To exploit this vulnerability, an attacker must be able to access the VVX management interface and successfully log into an affected device.
The following releases are potentially vulnerable and have been pulled from the Polycom Support website: •UCS 126.96.36.19968•UCS 188.8.131.525•UCS 184.108.40.2067•UCS 220.127.116.1186