Man-in-the-Middle Vulnerability in Polycom VVX 500 and 601 Devices
CVE-2018-18568

5.9MEDIUM

Key Information:

Vendor

Polycom

Status
Unified Communications Software
Vendor
CVE Published:
24 October 2018

What is CVE-2018-18568?

The Polycom VVX 500 and 601 devices, version 5.8.0.12848 and earlier, are susceptible to a vulnerability that allows attackers to perform man-in-the-middle attacks. This is due to their failure to properly validate X.509 certificates during communication with an on-premise installation of Skype for Business, potentially exposing sensitive credential information to unauthorized parties.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://www.syss.de/fileadmin/dokumente/Publikationen/Adv...
x_refsource_MISC
https://seclists.org/bugtraq/2018/Oct/36
mailing-listx_refsource_BUGTRAQ

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.