Description
A vulnerability classified as problematic was found in Poly CCX 400, CCX 600, Trio 8800 and Trio C60. This vulnerability affects unknown code of the component HTTP Header Handler. The manipulation of the argument Cookie leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249256.
References (6)
Core 6
Core References
Exploit, Third Party Advisory
https://modzero.com/en/blog/multiple-vulnerabilities-in-poly-products/
Third Party Advisory vdb-entry
technical-description
https://vuldb.com/?id.249256
Permissions Required signature
permissions-required
https://vuldb.com/?ctiid.249256
Various Sources related
https://modzero.com/en/advisories/mz-23-01-poly-voip/
Various Sources exploit
https://github.com/modzero/MZ-23-01-Poly-VoIP-Devices
Not Applicable related
https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11919.html
Scores
CVSS v3
5.3
EPSS
0.0010
EPSS Percentile
26.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Details
CWE
CWE-404
Status
published
Products (4)
poly/ccx_400_firmware
poly/ccx_600_firmware
poly/trio_8800_firmware
poly/trio_c60_firmware
Published
Dec 29, 2023
Tracked Since
Feb 18, 2026