Le Cloud de Christophe BOUCETTA

Voici le blog sur les communications unifiées et la collaboration Microsoft par un MVP nominé depuis 11 ans

Pour des raisons de sécurités, Polycom a retiré et émis une note pour le retraint des firmwares pour VVX en version 5.8.0, 5.7.2, 5.7.1 and 5.7.0 

Due to a security issue, UC Software (5.8.0.12386, 5.7.2.1277, 5.7.1.2205, 5.7.0.11768) has been removed from the Support website, replacement software will be available soon. Visit the Security Center for the latest update on “Vulnerabilities in Polycom VVX Phones and UC Software.”

Notes ici: https://community.polycom.com/t5/Skype-for-Business/Security-VVX-UC-Software-5-8-0-5-7-2-5-7-1-and-5-7-0-has-been/m-p/99535

Bulletin de sécurité: Security Advisory - Polycom UCS Software Vulnerabilities Version 1.0

Impact and Risk
If the phone is configured to use web proxy but no web proxy credentials are provided, there is a risk that potentially disclose sensitive information.
This vulnerability could allow a privileged, local attacker, in specific circumstances, to read sensitive information
.
To exploit this vulnerability, an attacker must be able to access the VVX management interface and successfully log into an affected device.


The following releases are potentially vulnerable and have been pulled from the Polycom Support website:
•UCS 5.7.0.11768
•UCS 5.7.1.2205
•UCS 5.7.2.1277
•UCS 5.8.0.12386

Facebook Like