Risk | Medium |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | N/A |
CWE-ID | CWE-399 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software | Polycom HDX 7000 Series Hardware solutions / Firmware |
Vendor | Polycom, Inc. |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
EUVDB-ID: #VU480
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: N/A
CWE-ID: CWE-399 - Resource Management Errors
Exploit availability: No
Description
The vulnerability allows a remote user to cause a denial of service condition on the target system.
The weakness exists due to a resource management error. Attackers can use a specially crafted XML document type definition (DTD) to cause recursive definition parsing in the XML parser and cease web traffic handling.
Successful exploitation of the vulnerability leads to denial of service on the vulnerable system.
Mitigation
Update to 3.1.10.
Vulnerable software versions
Polycom HDX 7000 Series: 3.1.7-48092
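As a defensive illustration of the parsing weakness described above (an added example, not Polycom code and not part of the vendor fix): an XML front end can refuse any document that carries a DTD before entity definitions are processed. The function names and the two sample documents are assumptions constructed for this example.

```python
import xml.parsers.expat


class DtdRejected(ValueError):
    """The document carries a DOCTYPE or an entity declaration."""


def parse_without_dtd(data: bytes) -> list:
    """Parse XML and return element names; refuse any DTD before expansion."""
    names = []
    parser = xml.parsers.expat.ParserCreate()

    def on_doctype(name, sysid, pubid, has_internal_subset):
        # Fires at "<!DOCTYPE", before any entity is defined or expanded.
        raise DtdRejected("DOCTYPE %r not allowed" % name)

    def on_entity(name, is_param, value, base, sysid, pubid, notation):
        # Second line of defence if the DOCTYPE handler is ever removed.
        raise DtdRejected("entity %r not allowed" % name)

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity
    parser.StartElementHandler = lambda name, attrs: names.append(name)
    parser.Parse(data, True)
    return names


def accepts(data: bytes) -> bool:
    """True if the document is well-formed and declares no DTD."""
    try:
        parse_without_dtd(data)
        return True
    except (DtdRejected, xml.parsers.expat.ExpatError):
        return False


# Constructed samples: an ordinary request and one with nested entity definitions.
PLAIN = b'<request><call id="1"/></request>'
NESTED = (b'<!DOCTYPE request [<!ENTITY a "x"><!ENTITY b "&a;&a;">]>'
          b'<request>&b;</request>')

if __name__ == "__main__":
    print(accepts(PLAIN), accepts(NESTED))
```

Rejecting the DOCTYPE outright is stricter than capping expansion depth, and fits services that never need DTDs in client-supplied XML.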
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.