
Improper Restriction of Operations within the Bounds of a Memory Buffer

Vulnerability Summary

A vulnerability was discovered in the firmware build 5.0.9.3 of CCX 500.  A flaw in the certificate validation process could allow a MitM attack.  

 

Details

CVE-2018-15128 - Improper Restriction of Operations within the Bounds of a Memory Buffer

An issue was discovered in Polycom Group Series 6.1.6.1 and earlier, HDX 3.1.12 and earlier, and Pano 1.1.1 and earlier. A remote code execution vulnerability exists in the content sharing functionality because of a Buffer Overflow via crafted packets.

Poly released a firmware update to address this vulnerability.  There is no workaround.

Published

Last Update: 3/14/2022
Initial Public Release: 11/1/2018
Advisory ID:  PLYTV18-11

CVE ID: CVE-2018-15128
CVSS Score: 9.8
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Product Affected

PRODUCTS | FIRMWARE | FIX
Group Series | 6.1.3, 6.1.4, 6.1.5, 6.1.6 | 6.1.7 and later
HDX | 3.1.12 | 3.1.13 and later
Pano | 1.1.1 | 1.2.1 and later

Solution

Poly recommends customers upgrade to the respective firmware builds or later. 

 

Workaround

There is no workaround.

Contact

Any customer using an affected system who is concerned about this vulnerability within their deployment should contact Poly Technical Support at (888) 248-4143 or (916) 928-7561, or visit the Poly Support Site.

 

Recognition

Poly would like to thank Frank Cozijnsen from KPN for reporting security vulnerabilities to us and for their coordinated disclosure.

Revision History

VERSION | DATE | DESCRIPTION
1.0 | 11/1/2018 | Initial Release
2.0 | 3/14/2022 | Format Changes