Insufficient Authentication Flaw in Polycom VVX Products
CVE-2019-10689

6.5MEDIUM

Key Information:

Vendor: Polycom
Status: Better Together Over Ethernet Connector; Unified Communications Software
Vendor: CVE Published:; 24 June 2019

What is CVE-2019-10689?

Polycom VVX products that utilize UCS software versions up to 5.9.2 and BToE application versions up to 3.9.1 are exposed to a vulnerability that permits insufficient authentication between the BToE application and its components. This weakness can lead to unauthorized access, enabling potential attackers to misappropriately disclose sensitive information, raising significant security concerns for organizations relying on these communications tools.

References

http://www.securityfocus.com/bid/108799

vdb-entryx_refsource_BID

https://support.polycom.com/content/dam/polycom-support/g...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 24, 2019
Vulnerability Reserved
Apr 1, 2019