
Studio X50 – Insertion of Sensitive Information into Log File

Vulnerability Summary

A flaw in the logging stores limited credentials in cleartext.

Details

CVE-2022-26480 – Studio X50 Insertion of Sensitive Information into Log File

Access to the device logs discloses the Web Proxy Settings credentials, which could compromise the confidentiality of the proxy. A typical deployment of the Studio X30, Studio X50, and G7500 requires Administrator access to obtain logs from the device.

Published

Last Update: 3/7/2022
Initial Public Release: 3/7/2022
Advisory ID: PLYTV21-10

CVE ID: CVE-2022-26480
CVSS Score: 2.7
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

Product Affected
PRODUCTS      FIRMWARE    FIX
Studio X30    3.6.0       3.7.0
Studio X50    3.6.0       3.7.0
Studio X70    3.6.0       3.7.0
G7500         3.6.0       3.7.0

Solution

Poly recommends all customers upgrade to the latest version. Update Studio X30/X50/X70 or G7500 to firmware version 3.7.0 or later.

Workaround

There is no workaround.

Contact

Any customer using an affected system who is concerned about this vulnerability within their deployment should contact Poly Technical Support at (888) 248-4143 or (916) 928-7561, or visit the Poly Support Site.

Revision History
VERSION    DATE          DESCRIPTION
1.0        03/07/2022    Initial Release