
Poly Systems - Heartbleed Impact

Vulnerability Summary

A vulnerability in OpenSSL could allow a remote attacker to expose sensitive data, possibly including user authentication credentials and secret keys, through incorrect memory handling in the TLS heartbeat extension.


Details

CVE-2014-0160

By exploiting the heartbeat feature in OpenSSL versions 1.0.1 through 1.0.1f, an attacker can read host memory 64 KB at a time. Successive 64 KB sections of memory can be captured until the attacker has obtained the data of interest. In the worst case this could include a copy of the server's private key.
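The defect described above is visible on the wire: a heartbeat request declares a payload_length larger than the payload it actually carries, and an unpatched peer answers with that many bytes of its own memory. The following detection check, added here as an illustration and not part of the Poly advisory, parses TLS records from a byte stream and flags heartbeat records whose declared length cannot fit in the record, which is the same condition the OpenSSL fix and public IDS signatures test for. The sample stream is constructed, not a real capture.

```python
import struct
from typing import Iterator, List, Optional, Tuple

TLS_HEARTBEAT = 0x18            # TLS record content type for heartbeat (RFC 6520)
HB_REQUEST, HB_RESPONSE = 1, 2  # heartbeat message types
HB_HEADER_LEN = 3               # 1 byte type + 2 bytes payload_length
HB_MIN_PADDING = 16             # RFC 6520: padding must be at least 16 bytes


def iter_tls_records(stream: bytes) -> Iterator[Tuple[int, int, bytes]]:
    """Yield (content_type, version, body) for each complete TLS record."""
    off = 0
    while off + 5 <= len(stream):
        ctype, ver, length = struct.unpack("!BHH", stream[off:off + 5])
        body = stream[off + 5:off + 5 + length]
        if len(body) < length:      # truncated capture: stop rather than misparse
            break
        yield ctype, ver, body
        off += 5 + length


def check_heartbeat_record(body: bytes) -> Optional[str]:
    """Return a finding if a heartbeat record is malformed, else None.

    A compliant record satisfies payload_length + 3 + 16 <= record length,
    which is exactly the bound the patched OpenSSL enforces before replying.
    """
    if len(body) < HB_HEADER_LEN:
        return "heartbeat record shorter than its 3-byte header"
    hb_type, payload_len = struct.unpack("!BH", body[:HB_HEADER_LEN])
    if hb_type not in (HB_REQUEST, HB_RESPONSE):
        return "unknown heartbeat message type %d" % hb_type
    available = len(body) - HB_HEADER_LEN
    if payload_len + HB_MIN_PADDING > available:
        return ("declared payload_length %d exceeds the %d bytes actually present "
                "(possible Heartbleed probe)" % (payload_len, available))
    return None


def scan(stream: bytes) -> List[str]:
    """Run the check over every heartbeat record in a captured TLS byte stream."""
    findings = []
    for ctype, _, body in iter_tls_records(stream):
        if ctype == TLS_HEARTBEAT:
            finding = check_heartbeat_record(body)
            if finding:
                findings.append(finding)
    return findings


# Constructed sample (not a real capture): application data, a compliant
# heartbeat request (4-byte payload + 16 bytes padding), and a request whose
# declared length (0x4000) far exceeds what the record carries.
SAMPLE_STREAM = (
    b"\x17\x03\x02\x00\x05hello"
    + b"\x18\x03\x02\x00\x17" + b"\x01\x00\x04ping" + b"\x00" * 16
    + b"\x18\x03\x02\x00\x03\x01\x40\x00"
)
```

Run `scan()` over reassembled TLS streams from a capture of the device's HTTPS, LDAPS or SIP-TLS ports; any finding on an unpatched version listed below is a sign the host should be rekeyed as well as updated.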

Published

Last Update: 3/4/2022
Initial Public Release: 4/9/2014
Advisory ID: PLYGN14-01

CVE ID: CVE-2014-0160
CVSS Score: 7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Product Affected

| Managed Applications | Version | Status | Notes |
|---|---|---|---|
| CMA | All | Not Vulnerable | |
| RealPresence Distributed Media Application (DMA) | All | Not Vulnerable | |
| RealPresence Resource Manager (RPRM) | All | Not Vulnerable | |
| RealPresence Video DualManager 400 (RPDM) | All | Not Vulnerable | |
| RealPresence Platform Suite (SoftRPP) | All | Not Vulnerable | |
Product Affected

| Telepresence Rooms | Version | Status | Notes |
|---|---|---|---|
| VSX Series | All | Not Vulnerable | |
| HDX Series | 3.0.x and Older Versions | Not Vulnerable | |
| HDX Series | 3.1.x and Greater Versions | Vulnerable | Fixed in version 3.1.3.2 |
| HDX Series | 3.1.3.2 | Not Vulnerable | Fixes earlier 3.x vulnerable versions; not currently recommended for CMS/Halo |
| QDX 6000 | All | Not Vulnerable | |
| RealPresence Group Series | All | Vulnerable | 4.1.3.2 fixes all 4.1.x versions; 4.0.2.2 fixes all 4.0.x versions |
| RealPresence Group Series | 4.0.2.2 | Not Vulnerable | 4.0.2.2 fixes all 4.0.x versions |
| RealPresence Group Series | 4.1.3.2 | Not Vulnerable | 4.1.3.2 fixes all 4.1.x versions |
Product Affected

| Immersive Telepresence | Version | Status | Notes |
|---|---|---|---|
| ITP | 2.7.1 | Not Vulnerable | Uses HDX 2.6.1.3_itp271-5267 |
| ITP | 3.0.1 | Not Vulnerable | Uses HDX 3.0.1-10628 |
| ITP | 3.0.2 | Not Vulnerable | Uses HDX 3.0.2-11176 |
| ITP | 3.0.3 | Not Vulnerable | Uses HDX 3.0.3-14451 |
| ITP | 3.0.5 | Not Vulnerable | Uses HDX 3.0.5-22695 |
| ITP | 3.1 | Vulnerable | Fixed by HDX 3.1.3.2 |
| ITP | 3.1.2 | Vulnerable | Fixed by HDX 3.1.3.2 |
| ITP | 3.1.3 | Vulnerable | Fixed by HDX 3.1.3.2 |
| ITP with HDX (ATX, OTX, RPX, TPX) | | | See HDX section for any fixes |
| ITP with Group Series (Immersive Studio) | | | See Group Series section for any fixes |
| RPIS | 4.1.2 | Vulnerable | Fixed by Group Series 4.1.3.2 |
| RPIS | 4.1.3 | Vulnerable | Fixed by Group Series 4.1.3.2 |
| CMS/Halo | All | Vulnerable | HDX and RMX are the only vulnerable components |
Product Affected

| Desktop & Mobile Video Conferencing | Version | Status | Notes |
|---|---|---|---|
| RealPresence Desktop | All Versions | All Versions | |
| RealPresence Mobile | All Versions | All Versions | |
| CMA Desktop | All Versions | All Versions | |
Product Affected

| RealPresence Collaboration Server 1500, 1800, 2000 and 4000 (RMX) | Version | Status | Notes |
|---|---|---|---|
| RMX | All versions prior to 8.1 | Not Vulnerable | |
| RMX | 8.1.4.x | Vulnerable | Fixed with hotfix 8.1.7.37.022.543.002 |
| RMX | 8.1.7.x | Vulnerable | Fixed with hotfix 8.1.7.37.022.543.002 |
| RMX | 8.2.x | Vulnerable | Fixed with hotfix 8.2.0.85.13.544.002 |
| RMX | 8.3.x | Vulnerable | New 8.3.0.246 fix replaces 8.3.0.245.477.003 |
| RMX | 8.2.0.85.13.544.002 | Not Vulnerable | Fixes 8.2.x |
| RMX | 8.3.0.245.477.003 (Hot fix) | Not Vulnerable | Expired fix for 8.3.x |
| RMX | 8.3.0.246 | Not Vulnerable | Fix for 8.3.x |
| MGC-25, MGC-50, MGC-100 | All | Not Vulnerable | |
| RealPresence Collaboration Server, Virtual Edition (SoftMC) | 8.3.x | Not Vulnerable | |
| S4GW Serial Gateway for RMX | All | Not Vulnerable | |
Product Affected

| Media Capture & Sharing | Version | Status | Notes |
|---|---|---|---|
| Recording and Streaming Server (RSS) 4000 | All Versions | Not Vulnerable | |
| Recording and Streaming Server (RSS) 2000 | All Versions | Not Vulnerable | |
| RealPresence Capture Server | All Versions | Not Vulnerable | |
| RealPresence Capture Station Pro | All Versions | Not Vulnerable | |
| RealPresence Capture Station Portable Pro | All Versions | Not Vulnerable | |
| RealPresence Media Manager | All Versions | Not Vulnerable | |
| Media Editor | All Versions | Not Vulnerable | |
| CSS Client | All Versions | Not Vulnerable | |
| CSS Server | All Versions | Not Vulnerable | |
Product Affected

| Firewall Traversal & Security | Version | Status | Notes |
|---|---|---|---|
| Video Border Proxy (VBP) E & ST Series | 11.1x | Not Vulnerable | |
| Video Border Proxy (VBP) E & ST Series | 11.2.11 (Hot fix) | Not Vulnerable | |
| Video Border Proxy (VBP) E & ST Series | 11.2.12 (GA) | Vulnerable | Fixed with version 11.2.17 |
| Video Border Proxy (VBP) E & ST Series | 11.2.16 (GA) | Vulnerable | Fixed with version 11.2.17 |
| Video Border Proxy (VBP) E & ST Series | 11.2.17 | Not Vulnerable | Fixes earlier vulnerable versions |
| RealPresence Access Director (RPAD) | All Versions | Not Vulnerable | |
Product Affected

| CloudAXIS | Version | Status | Notes |
|---|---|---|---|
| CloudAXIS MEA (Web Experience Portal) | All Versions | Not Vulnerable | |
| CloudAXIS WSP (Web Service Portal) | All Versions | Not Vulnerable | |
| RealPresence Platform Director | All Versions | Not Vulnerable | |
Product Affected

| Desktop Video & Voice Solutions | Version | Status | Notes |
|---|---|---|---|
| SoundPoint, SoundStation, SoundStructure, VVX (VoIP Interface) Families | All Versions 4.0.x | Not Vulnerable | |
| SoundPoint, SoundStation, VVX Families | UCS 3.3.0.1098 rts 35 to UCS 3.3.4.0085 rts 6 | Not Vulnerable | |
| SoundPoint, SoundStation, VVX Families | SIP 3.2.0 rts 44 to SIP 3.2.7.0198 rts 10 | Not Vulnerable | |
| SoundPoint, SoundStation, and SoundStructure (VoIP Interface) Families | UCS 4.1.0.84959 rts 421 to UCS 4.1.6.4835 rts 50 | Vulnerable & Fixed | UCS 4.1.6 patch fix delivered, UCS 5.0.2 patch fix delivered, UCS 4.1.0 patch fix delivered, UCS 5.1.0 patch fix delivered, UCS 4.1.7 patch fix delivered |
| VVX and SoundStructure (VoIP Interface) Families | UCS 4.1.3.7864 rts 21G to UCS 5.0.1.7396 rts 56 Q | Vulnerable & Fixed | UCS 4.1.6 patch fix delivered, UCS 5.0.2 patch fix delivered, UCS 4.1.0 patch fix delivered, UCS 5.1.0 patch fix delivered, UCS 4.1.7 patch fix delivered |
| Zero Touch Provisioning Solution - ZTP (User Portal) | N/A | Not Vulnerable | Fixed as of April 11, 2014 |
| Unified Conference & Collaboration Stations CX100, CX300, CX500, CX600, CX3000 | All | Not Vulnerable | |
Product Affected

| Accessories | Version | Status | Notes |
|---|---|---|---|
| TouchControl (PTC) | All | Not Vulnerable | |
| People + Content IP (PP CIP) | All | Not Vulnerable | |

Solution

As fixes become available for a given product, that information will appear in subsequent releases of this bulletin. Polycom will continue updating this bulletin until all fixes are in place. Polycom recommends that users of any Polycom product listed in the tables above as vulnerable update to the "FIXED" version of their product as soon as such a version becomes available.


Workaround

At this time, many affected products have older, non-vulnerable versions to which you can temporarily revert (install the older version). If you can temporarily run an older product version, this is recommended.

For some products, the only available mitigations consist of controlling which encrypted (TLS) services are reachable on any system that uses a vulnerable version of OpenSSL. Basic suggestions at this time are to:

  1. Place the Polycom product behind a firewall whenever possible, so that outsiders cannot reach the ports served by OpenSSL on the device (usually only HTTPS, but sometimes other TLS-based protocols such as secure LDAP or secure SIP are involved).
  2. Turn off any services that use OpenSSL (if relevant) if at all possible. When fixes become available, new certificates can be issued for your system, rendering useless any knowledge an attacker may have gained about your old encryption certificates or keys.

For the voice products currently listed as vulnerable, a product-specific mitigation is available: set the httpd.enabled parameter to 0 (zero). This disables web access of all kinds and blocks the known heartbeat vectors into the system.

Contact

Any customer using an affected system who is concerned about this vulnerability within their deployment should contact Poly Technical Support at (888) 248-4143 or (916) 928-7561, or visit the Poly Support Site.


Revision History

| Version | Date | Description |
|---|---|---|
| 1.0 | 4/9/2014 | Initial Release |
| 1.1 | 4/10/2014 | More detail for more products and first estimates for fix dates. Improved mitigation detail. |
| 1.2 | 4/14/2014 | More products, better detail, better listings for affected members of the SoundPoint family. |
| 1.3 | 4/14/2014 | Product list condensation ("versions older than"). HDX and Group Series fix date estimates published. Incorrect mitigation advice for RMX posted. |
| 1.4 | 4/15/2014 | More condensation and accuracy. Mitigation advice removed from RMX. |
| 1.5 | 4/17/2014 | RMX estimate for fix date, HDX fix date estimate moved in, mitigation for those members of the SoundPoint family affected. |
| 1.6 | 4/18/2014 | Added UCS fix dates for the affected VVX, SoundStation, SoundStructure systems. Added new language at the top and bottom of the document reminding that it is a living document, updates of which can be found on Polycom's website. |
| 1.7 | 4/22/2014 | New formatting, fix announcements for HDX and RMX, condensed table format. |
| 1.8 | 4/26/2014 | Group Series fix announced. More detail for RMX fixes for older versions. Added PPCIP. Note about ITP and HDX fix. Changed dates on UCS phones. |
| 1.9 | 4/28/2014 | Clarification on HDX/ITP and HDX/CMS. Fixes for many of the UCS phones. CMS/Halo and S4GW added as their own items. |
| 1.10 | 5/6/2014 | RMX 8.2, Group Series 4.0, RPIS. |
| 1.11 | 5/15/2014 | All RMX fixes finalized; RMX 8.3 fix replaced with new RMX 8.3 fix. One more set of phone fixes has arrived. |
| 1.12 | 6/5/2014 | Final version: UCS 4.0.x clarified and UCS 4.1.7 listed as fixed. |
| 2.0 | 3/4/2022 | Format changes. |

©2022 Plantronics, Inc. All rights reserved.

Trademarks
Poly, the propeller design, and the Poly logo are trademarks of Plantronics, Inc.  All other trademarks are property of their respective owners. No portion hereof may be reproduced or transmitted in any form or by any means, for any purpose other than the recipient's personal use, without the express written permission of Poly.

Disclaimer
While Poly uses reasonable efforts to include accurate and up-to-date information in this document, Poly makes no warranties or representations as to its accuracy. Poly assumes no liability or responsibility for any typographical errors, out of date information, or any errors or omissions in the content of this document. Poly reserves the right to change or update this document at any time. Individuals are solely responsible for verifying that they have and are using the most recent Technical Bulletin. 

Limitation of Liability
Poly and/or its respective suppliers make no representations about the suitability of the information contained in this document for any purpose. Information is provided "as is" without warranty of any kind and is subject to change without notice. The entire risk arising out of its use remains with the recipient. In no event shall Poly and/or its respective suppliers be liable for any direct, consequential, incidental, special, punitive, or other damages whatsoever (including without limitation, damages for loss of business profits, business interruption, or loss of business information), even if Poly has been advised of the possibility of such damages.