Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-4970

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2012-4970
Last Modified 25 Mar 2013 11:39:17
Published 01 Jan 2013 07:35:13
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-4970

Summary

Cross-site scripting (XSS) vulnerability in the web management interface on Polycom HDX Video End Points with UC APL software before 2.7.1.1_J, and commercial software before 3.0.5, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Vulnerable Systems

Application

  • Polycom Hdx System Software 2.0.5 J

  • Polycom Hdx System Software 2.5.0.7

  • Polycom Hdx System Software 2.5.0.7 G

  • Polycom Hdx System Software 2.6.1

  • Polycom Hdx System Software 2.6.1.3

  • Polycom Hdx System Software 2.7.0 J

  • Polycom Hdx System Software 2.7.1 J

  • Polycom Hdx System Software 3.0.0

  • Polycom Hdx System Software 3.0.0.1

  • Polycom Hdx System Software 3.0.0.2

  • Polycom Hdx System Software 3.0.1

  • Polycom Hdx System Software 3.0.2

  • Polycom Hdx System Software 3.0.3

  • Polycom Hdx System Software 3.0.3.1

  • Polycom Hdx System Software 3.0.4


References

CONFIRM - http://knowledgebase-iframe.polycom.com/kb/knowledgebase/End%20User/Tech%20Alerts/Video/15990_fHDX%20XSS%20Vulnerability%20-%20Security%20Bulletin%20101521.pdf

BUGTRAQ - 20121226 Polycom HDX Video End Points Web Management Cross Site Scripting (XSS) vulnerability

SECTRACK - 1027926


Last Updated: 27 May 2016 11:01:30