Firmware Flaw in Poly Clariti Manager Devices Leaves Access Controls Vulnerable
CVE-2024-41912

9.8CRITICAL

Key Information:

Vendor: HP
Status: Poly Clariti Manager
Vendor: CVE Published:; 7 August 2024

What is CVE-2024-41912?

A significant vulnerability has been identified in the firmware of Poly Clariti Manager devices, particularly affecting builds up to version 10.10.2.2. This flaw arises from an inadequate implementation of access controls, potentially allowing unauthorized access to sensitive system functions. Such vulnerabilities can compromise the integrity and confidentiality of device management, presenting risks to organizations relying on the software for secure communications.

Affected Version(s)

Poly Clariti Manager See HP Security Bulletin reference for affected versions.

References

https://support.hp.com/us-en/document/ish_11006235-110062...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 7, 2024
Vulnerability Reserved
Jul 23, 2024