CVE-2019-10688

MEDIUM

Polycom UC Software <5.8.0 & BToE Connector <3.8.0 - Hard-coded Credentials

Title source: llm

Description

VVX products with software versions including and prior to, UCS 5.9.2 with Better Together over Ethernet Connector (BToE) application 3.9.1, use hard-coded credentials to establish connections between the host application and the device.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_confirm

https://support.polycom.com/content/dam/polycom-support/global/documentation/hard-coded-credentials-vulnerability-in-vvx-products.pdf

Scores

CVSS v3 6.8

EPSS 0.0032

EPSS Percentile 23.4%

Attack Vector PHYSICAL

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-798

Status published

Products (2)

polycom/better_together_over_ethernet_connector < 3.8.0

polycom/unified_communications_software < 5.8.0

Published Apr 23, 2019

Tracked Since Feb 18, 2026