Accessibility Skip to content

Poly Security Center

Security is our Top Priority

At Poly, information security is a top priority across all our products and services. We support the discovery and reporting of vulnerabilities to increase the security posture of our products. We welcome and encourage members of the security research community to bring any vulnerability to our attention, we will work in a coordinated manner so that security fixes can be delivered to the Poly user base securely and openly.

Contact Info

To contact the Poly Product Security Office (PSO) or to report a product security issue, please email security@poly.com.

 

Additional Information

Poly’s Product Vulnerability Disclosure Policy can be found here.

Whitepapers for security and privacy related information for Poly products and services can be found here.

DATE ID# TITLE
02-23-22 PLYGN21-08 Poly Systems – Apache Log4j

09-29-21

Security Advisory Version 1.0

Plantronics Hub – Local Privilege Escalation

09-07-21 Security Bulletin Version 1.0 CX5100/CX5500 Authenticated Command Injection
04-30-21 Security Advisory Version 1.0 Information Disclosure Vulnerability Poly VOIP Phones
02-24-21 Security Advisory Version 1.0 Information Disclosure Vulnerability Poly VOIP Phones
02-24-21 Security Bulletin Version 1.1 Increased SIP Provisioning Attacks
02-22-21 Security Advisory Version 1.0 Information Disclosure Vulnerability Poly ZTP Service
01-20-21 Security Bulletin Version 1.0 Cybersecurity and Infrastructure Security Agency (CISA) Alert AA20-352A
04-24-20 Security Bulletin Version 1.0 Poly Recommended Best Security Practices for Unified Communications
04-01-20 Security Advisory Version 1.0 Poly Voice Endpoints – XSS and CSRF Vulnerabilities
02-07-20 Security Bulletin Version 1.0 CCX500 - UI Vulnerability Allows Access to Android Settings
01-15-20 Security Bulletin Version 1.6 Worldwide H.323 and SIP Botnet Calling Video Systems
01-10-20 Security Advisory Version 1.2.0 Remote Code Execution Vulnerability in UCS Software
01-10-20 Security Advisory Version 1.0.0 Vulnerabilities in VxWorks Operating System and Poly Products
09-04-19 Security Advisory Version 1.0.0 Plantronics Hub - Local Privilege Escalation Vulnerability
08-06-19 Security Advisory Version 1.0 Remote Code Execution Vulnerability in Obihai OBi1022
06-19-19 Security Advisory Version 1.1 Insufficient Authentication Resulting in Information Leakage on VVX Products
06-14-19 Security Advisory Version 1.1 Hard Coded Credentials Vulnerability in VVX Products
04-26-19 Security Advisory Version 1.0 Multiple Vulnerabilities in HDX Products Older than 3.1.14
02-20-19 Security Bulletin Version 1.0 HDX (versions older than 3.1.13) can be affected by multiple Botnets
01-24-19 Security Advisory Version 1.1 Cyber Threats Targeting Default Passwords
11-30-18 Security Bulletin Version 1.1 TLS 1.2 and Microsoft O365 Impacts to Polycom Products
11-05-18 Security Bulletin Version 1.0 Bluetooth Authentication Weakness Found in Trio
11-05-18 Security Bulletin Version 1.0 Stored Cross-Site Scripting Found in Trio
11-01-18 Security Bulletin Version 1.0 Remote Code Execution Vulnerability Found in Group Series
08-10-18 Security Bulletin Version 1.1 HDX SoftwareVersions Older than 3.1.12 and Omni Botnet
07-12-18 Security Advisory Version 1.9 Processor Based "Speculative Execution" Vulnerabilities AKA "Spectre" and "Meltdown" on Polycom Products
07-11-18 Security Advisory Version 1.2 Vulnerabilities in Polycom VVX Phones and UC Software
07-03-18 Security Advisory Version 1.0 Polycom UCS Software Vulnerabilities
06-26-18 Security Advisory Version 1.1 RealPresence Web Suite Vulnerability
05-10-18 Security Advisory Version 1.0 RealPresence Debut Vulnerabilities
03-05-18 Security Advisory Version 1.0 QDX 6000 Vulnerabilities
12-20-17 Security Advisory Version 1.2 "Krack" Vulnerability with Polycom Products
11-24-17 Security Advisory Version 1.2 Remote Code Execution on HDX Endpoints
10-18-17 Security Advisory Version 1.1 BlueBorne Bluetooth Vulnerabilities
08-28-17 Security Advisory Version 1.0 Information Disclosure on Multiple Polycom Products
08-11-17 Security Bulletin Version 1.1 WannaCry Vulnerability and Polycom Products
06-14-17 Security Bulletin Version 1.0 Relating to CVE-2017-7494 "SambaCry" Vulnerability and Polycom Products
03-22-17 Security Bulletin Version 1.0 Relating to CVE-2017-5638 "Apache Struts" Vulnerability and Polycom Products
10-26-16 Security Advisory Version 1.1 Relating to CVE-2016-5195 "Dirty COW" Vulnerability
09-20-16 Security Advisory Version 2.0 Relating to a Cross-site Scripting (XSS) Vulnerability in Polycom HDX Video Endpoints
09-13-16 Security Advisory Version 1.0 Relating to an XML External Entity (XXE) Vulnerability in Polycom HDX Video Endpoints)
04-06-16 Security Advisory Version 1.2 Relating to a GNU glibc DNS Vulnerability (CVE-2015-7547)
03-08-16 Security Bulletin Version 1.0 Relating to CVE-2016-0800 “DROWN” Vulnerability and Polycom Products
02-09-16 Security Office Update 2.0 Security Update Relating to H.323 and SIP AES Media Encryption on Polycom Products
12-16-15 Security Advisory Version 1.0 Relating to RealPresence Capture Server and RealPresence Media Suite Appliance Editions
12-09-15 Security Advisory Version 1.0 Relating to Path Traversal Vulnerabilities in Polycom VVX Business Media Phones
10-23-15 Security Advisory Version 2.0 Relating to GHOST glibc Vulnerability
10-23-15 Security Advisory Version 1.6.1 Relating to Logjam Vulnerability
06-29-15 Security Bulletin Version 1.0 RealPresence Resource Manager 8.4 security fixes summary
06-23-15 Security Advisory Version 1.0 Relating to Command Shell Vulnerability in Polycom Group Series Video Endpoints
06-23-15 Security Advisory Version 1.0 Relating to Inadequate SSH Restrictions Vulnerability in Polycom Group Series Video Endpoints
06-23-15 Security Advisory Version 1.0 Relating to Software Update Vulnerability in Polycom Group Series Video Endpoints
06-23-15 Security Advisory Version 1.0 Relating to Weak Entropy Vulnerability in Polycom Group Series Video Endpoints Web Cookies
06-17-15 Security Bulletin Version 1.0 Relating to "Tomcat Denial of Service"
06-15-15 Security Bulletin Version 1.0 Relating to Leap Second Insertion
04-20-15 Security Bulletin Version 1.6 Relating to SSLv3 "POODLE" Vulnerability and Polycom Products
10-24-14 Security Advisory Version 1.7 Relating to Bash shell arbitrary code execution on Various Polycom Products
10-06-14 Security Bulletin Version 1.2 Relating to Multiple OpenSSL Vulnerabilities on Various Polycom Products
06-05-14 Security Advisory Version 1.12 Relating to OpenSSL Vulnerability “Heartbleed” on Various Polycom Products
12-20-13 Security Bulletin 5471 Relating to JBoss Application Server on RealPresence Resource Manager
03-14-13 Security Bulletin 102404 Security Advisory relating to telnet shell authorization bypass on Polycom HDX Video Endpoints
03-14-13 Security Bulletin 107522 Security Advisory Relating to the Firmware Update Command Injection Vulnerability on Polycom HDX Video Endpoints
03-14-13 Security Bulletin 107523 Security Advisory Relating to the Command Shell Vulnerability on Polycom HDX Video Endpoints
03-14-13 Security Bulletin 107524 Security Advisory Relating to the H.323 Format String Vulnerability on Polycom HDX Video Endpoints
03-14-13 Security Bulletin 107525 Security Advisory Relating to the H.323 CDR Database SQL Injection on Polycom HDX Video Endpoints
03-14-13 Security Bulletin 107526 Security Advisory Relating to the PUP File Header MAC Signature Bypass on Polycom HDX Video Endpoints