CVE-2018-18566
CVE-2018-18566 is a medium-severity vulnerability rated 5.3/10 on the CVSS scale. The SIP service in Polycom VVX 500 and 601 devices 5.8.0.12848 and earlier allows remote attackers to obtain sensitive phone configuration information by leveraging use with an on-premise installation with Skype for Business. EPSS estimates a 2.75% chance of exploitation in the next 30 days.
Description
The SIP service in Polycom VVX 500 and 601 devices 5.8.0.12848 and earlier allows remote attackers to obtain sensitive phone configuration information by leveraging use with an on-premise installation with Skype for Business.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Polycom | Unified Communications Software | <= 5.8.0.12848 |
| Polycom | VVX 601 Firmware | All versions |
| Polycom | VVX 500 Firmware | All versions |
References
- http://www.securityfocus.com/bid/105746 (Third Party Advisory, VDB Entry)
- https://seclists.org/bugtraq/2018/Oct/33 (Exploit, Mailing List, Third Party Advisory)
- https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-028.txt (Exploit, Third Party Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
