Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Polycom Subscribe
Filtered by product Hdx System Software
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-11355 1 Polycom 1 Hdx System Software 2020-03-18 9.0 HIGH 7.2 HIGH
An issue was discovered in Poly (formerly Polycom) HDX 3.1.13. A feature exists that allows the creation of a server / client certificate, or the upload of the user certificate, on the administrator's page. The value received from the user is the factor value of a shell script on the equipment. By entering a special character (such as a single quote) in a CN or other CSR field, one can insert a command into a factor value. A system command can be executed as root.
CVE-2012-6611 1 Polycom 12 Hdx 4002, Hdx 4500, Hdx 6000 and 9 more 2020-02-14 10.0 HIGH 9.8 CRITICAL
An issue was discovered in Polycom Web Management Interface G3/HDX 8000 HD with Durango 2.6.0 4740 software and embedded Polycom Linux Development Platform 2.14.g3. It has a blank administrative password by default, and can be successfully used without setting this password.
CVE-2012-4970 1 Polycom 12 Hdx 4002, Hdx 4500, Hdx 6000 and 9 more 2013-03-25 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the web management interface on Polycom HDX Video End Points with UC APL software before 2.7.1.1_J, and commercial software before 3.0.5, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.