Improper Restriction of Operations within the Bounds of a Memory Buffer
A vulnerability was discovered in the firmware build 220.127.116.11 of CCX 500. A flaw in the certificate validation process could allow a MitM attack.
CVE-2018-15128 - Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in Polycom Group Series 18.104.22.168 and earlier, HDX 3.1.12 and earlier, and Pano 1.1.1 and earlier. A remote code execution vulnerability exists in the content sharing functionality because of a buffer overflow via crafted packets.
Poly released a firmware update to address this vulnerability. There is no workaround.
Last Update: 3/14/2022
Initial Public Release: 11/1/2018
Advisory ID: PLYTV18-11
CVE ID: CVE-2018-15128
CVSS Score: 9.8
|Product|Fixed firmware|
|Group Series|6.1.7 and later|
|HDX|3.1.13 and later|
|Pano|1.2.1 and later|
Poly recommends customers upgrade to the respective firmware builds or later.
Poly would like to thank Frank Cozijnsen from KPN for reporting security vulnerabilities to us and for their coordinated disclosure.