Poly Video Conferencing Devices Vulnerable to Firmware Flaw
CVE-2024-9579
7.5HIGH
Key Information
- Vendor
- HP, Inc.
- Status
- Certain Poly Video Conference Devices
- Vendor
- CVE Published:
- 5 November 2024
Summary
A potential vulnerability was discovered in certain Poly video conferencing devices. The firmware flaw does not properly sanitize user input. The exploitation of this vulnerability is dependent on a layered attack and cannot be exploited by itself.
Affected Version(s)
Certain Poly Video Conference Devices = See HP security bulletin reference for affected versions
References
CVSS V3.1
Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Collectors
NVD DatabaseMitre Database