Accessibility Avançar para o conteúdo
ID do artigo: 000034727
Last Modified Date: 10/12/2021
Access Level: Public

How to disable ports 80 and 443 on Polycom phones for PCI Compliance

Symptom:
Customer may report that Polycom phones fail PKI compliance scans like Nexpose by Rapid 7 (https://www.rapid7.com/products/nexpose/)
 
Spicificly the two vulnerabilities pointed out are:
1. CVE-2016-2183 The DES and Triple DES ciphers 
https://www.rapid7.com/db/vulnerabilities/WINDOWS-HOTFIX-MS12-006 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3389
2. CVE-2011-3389 man-in-the-middle "BEAST" attack
https://www.rapid7.com/db/vulnerabilities/ssl-cve-2016-2183-sweet32 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2183
 
Add the settings below to configure the phone to pass the PKI scan:
 
apps.push.secureTunnelEnabled="0
httpd.cfg.enabled="0
httpd.cfg.port="80
httpd.cfg.secureTunnelEnabled="0
httpd.cfg.secureTunnelPort="443
httpd.cfg.secureTunnelRequired="1
httpd.ta.enabled="0
httpd.ta.port="80
httpd.ta.secureTunnelEnabled="0
httpd.ta.secureTunnelPort="443
httpd.ta.secureTunnelRequired="1