CVE-2019-12948

HIGH

Polycom Unified Communications Software - Denial of Service

Title source: rule

Description

A vulnerability in the web-based management interface of VVX, Trio, SoundStructure, SoundPoint, and SoundStation phones running Polycom UC Software, if exploited, could allow an authenticated, remote attacker with admin privileges to cause a denial of service (DoS) condition or execute arbitrary code.

References (1)

[Vendor Advisory] https://support.polycom.com/content/dam/polycom-support/global/documentation/remote-code-execution-vulnerability-in-ucs-software-v1-1.pdf

Scores

CVSS v3 8.3

EPSS 0.0119

EPSS Percentile 79.0%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

Details

CWE

CWE-749

Status published

Products (2)

polycom/unified_communications_software < 5.8.5.1256

polycom/united_communications_software < 5.9.0

Published Jul 29, 2019

Tracked Since Feb 18, 2026