Create an Account

Sign-in to Your Account

Get Your Poly Lens Desktop App

Access the Poly Lens Portal

Check PDMS-SP Status

Check Poly Cloud Status

Create A Case

Create Product Replacement (RMA)

Headset Compatibility Guide

Intra-Operability Matrix (Voice & Video)

License Dashboard

Online Renewals

Product End of Life Search

Product Registration

Video Test Numbers

Warranty and Entitlement Checker

Product Activation/Upgrade

Poly Cloud Services

Poly Lens

Poly Licensing Center (Virtual Edition)

Poly RealConnect

All Other Poly Products

Security Bulletins

Service Policies

Subscribe to Support Newsletter

Give Us Feedback

Studio X50 – Insertion of Sensitive Information into Log File

Vulnerability Summary

A flaw in the logging stores limited credentials in cleartext.

Details

CVE 2022-26480 – Studio X50 Insertion of Sensitive Information into Log File

Access to the device logs discloses the Web Proxy Settings credentials, which could compromise the confidentiality of the proxy. Typical deployment of the Studio-X30, Studio-X50, and G7500 requires Administrator access to obtain logs from the device.

Published

Last Update: 3/7/2022
Initial Public Release: 3/7/2022
Advisory ID: PLYTV21-10

CVE ID: CVE-2022-26480
CVSS Score 2.7
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

Product Affected

PRODUCTS	FIRMWARE	FIX
Studio X30	3.6.0	3.7.0
Studio X50	3.6.0	3.7.0
Studio X70	3.6.0	3.7.0
G7500	3.6.0	3.7.0

Solution

Poly recommends all customers upgrade to the latest version. Update Studio X30/X50/X70 or G7500 to firmware version 3.7.0 or later.

Workaround

There is no workaround.

Contact

Any customer using an affected system who is concerned about this vulnerability within their deployment should contact Poly Technical Support – (888) 248-4143, (916) 928-7561, or visit the Poly Support Site.

Revision History

VERSION	DATE	DESCRIPTION
1.0	03/07/2022	Initial Release