CVE-2019-12948
HIGHPolycom Unified Communications Software < 5.8.5.1256 / < 5.9.0 - RCE or DoS
Title source: llmDescription
A vulnerability in the web-based management interface of VVX, Trio, SoundStructure, SoundPoint, and SoundStation phones running Polycom UC Software, if exploited, could allow an authenticated, remote attacker with admin privileges to cause a denial of service (DoS) condition or execute arbitrary code.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://support.polycom.com/content/dam/polycom-support/global/documentation/remote-code-execution-vulnerability-in-ucs-software-v1-1.pdf
Scores
CVSS v3
8.3
EPSS
0.0173
EPSS Percentile
74.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
Details
CWE
CWE-749
Status
published
Products (2)
polycom/unified_communications_software
< 5.8.5.1256
polycom/united_communications_software
< 5.9.0
Published
Jul 29, 2019
Tracked Since
Feb 18, 2026