CVE-2018-17875

Name: CVE-2018-17875
Creator: NVD / NIST
Published: 2021-12-28T13:15:07.947+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 8.8/10EPSS 2.68%

Last modified Jun 17, 2026

CVE-2018-17875 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. A remote code execution issue in the ping command on Poly Trio 8800 5.7.1.4145 devices allows remote authenticated users to execute commands via unspecified vectors.. EPSS estimates a 2.68% chance of exploitation in the next 30 days.

Description

A remote code execution issue in the ping command on Poly Trio 8800 5.7.1.4145 devices allows remote authenticated users to execute commands via unspecified vectors.

Metrics

CVSS 3.1

8.8/10

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

2.68%

83.9th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

Vendor	Product	Versions
Poly	Trio 8800 Firmware	5.4.0.12197
Poly	Trio 8800 Firmware	5.4.0.12541
Poly	Trio 8800 Firmware	5.4.0.12856
Poly	Trio 8800 Firmware	5.4.1.17597
Poly	Trio 8800 Firmware	5.4.2.5400
Poly	Trio 8800 Firmware	5.4.3.2007
Poly	Trio 8800 Firmware	5.4.3.2389
Poly	Trio 8800 Firmware	5.4.3.2400
Poly	Trio 8800 Firmware	5.4.4.7511
Poly	Trio 8800 Firmware	5.4.4.7609
Poly	Trio 8800 Firmware	5.4.4.7776
Poly	Trio 8800 Firmware	5.4.5.9111
Poly	Trio 8800 Firmware	5.4.5.9658
Poly	Trio 8800 Firmware	5.5.2.11338
Poly	Trio 8800 Firmware	5.5.2.11391
Poly	Trio 8800 Firmware	5.5.3.3441
Poly	Trio 8800 Firmware	5.5.3.3517
Poly	Trio 8800 Firmware	5.5.4.2255
Poly	Trio 8800 Firmware	5.7.1.4095
Poly	Trio 8800 Firmware	5.7.1.4133
Poly	Trio 8800 Firmware	5.7.1.4145

References

http://unkl4b.github.io/Authenticated-RCE-in-Polycom-Trio-8800-pt-1/Exploit, Third Party Advisory
https://support.polycom.com/content/support/emea/emea/en/support/voice/polycom-trio/polycom-trio-8800.htmlProduct, Third Party Advisory
http://unkl4b.github.io/Authenticated-RCE-in-Polycom-Trio-8800-pt-1/Exploit, Third Party Advisory
https://support.polycom.com/content/support/emea/emea/en/support/voice/polycom-trio/polycom-trio-8800.htmlProduct, Third Party Advisory

Timeline

Published: Dec 28, 2021
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2018-17875?

A remote code execution issue in the ping command on Poly Trio 8800 5.7.1.4145 devices allows remote authenticated users to execute commands via unspecified vectors.

How severe is CVE-2018-17875?

CVE-2018-17875 has a CVSS score of 8.8/10 (HIGH severity). The EPSS model estimates a 2.68% probability of exploitation in the next 30 days.

How do I fix CVE-2018-17875?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2018-17875?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST