Privilege Escalation Vulnerability in Polycom VVX 400/410 Phones
CVE-2021-41322

8.8HIGH

Key Information:

Vendor: Polycom
Status: Vvx 400 Firmware
Vendor: CVE Published:; 4 October 2021

What is CVE-2021-41322?

The Poly VVX 400 and 410 phones running version 5.3.1 are affected by a privilege escalation vulnerability that allows low-privileged users to exploit the password reset process. By modifying a specific POST parameter, an unauthorized user could change the Admin password, leading to potential unauthorized access to administrative features. This vulnerability highlights the importance of securing telephony devices against such access control weaknesses.

References

https://support.polycom.com/content/support.html

x_refsource_MISC

https://packetstormsecurity.com/files/140753/Polycom-VVX-...

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 4, 2021
Vulnerability Reserved
Sep 17, 2021