Poly ZTP - Exposure of Sensitive Information to an Unauthorized Actor
A vulnerability in the Poly Zero Touch Provisioning (ZTP) solution could allow an authenticated, remote attacker to obtain pre-provisioning information.
CVE 2022-26881 – Poly ZTP Exposure of Sensitive Information to an Unauthorized Actor
A successful exploit could allow the attacker to extract pre-provisioning information, including the provisioning server address and other device provisioning information.
Last Update: 3/10/2022
Initial Public Release: 2/22/2021
Advisory ID: PLYGN21-02
CVE ID: CVE-2022-26881
CVSS Score: 5.8
Poly has added additional monitoring and active blocking updates to mitigate this vulnerability. Poly will be making further enhancements to the ZTP service to enhance security of the service.
There is no workaround.