CVE-2018-18566

MEDIUM

Polycom VVX 500 and 601 Firmware < 5.8.0.12848 - Unauthenticated Sensitive Information Exposure via SIP Service

Title source: llm

Description

The SIP service in Polycom VVX 500 and 601 devices 5.8.0.12848 and earlier allows remote attackers to obtain sensitive phone configuration information by leveraging the device's use with an on-premise installation of Skype for Business.

References (3)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/105746
Exploit, Mailing List, Third Party Advisory mailing-list x_refsource_bugtraq
https://seclists.org/bugtraq/2018/Oct/33

Scores

CVSS v3 5.3
EPSS 0.0275
EPSS Percentile 84.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE CWE-200
Status published
Products (3)
polycom/unified_communications_software < 5.8.0.12848
polycom/vvx_500_firmware
polycom/vvx_601_firmware
Published Oct 24, 2018
Tracked Since Feb 18, 2026