Denial of service in Polycom HDX 7000 Series - #VU480
Published: September 16, 2016
Vulnerability identifier: #VU480
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: N/A
CWE-ID: CWE-399
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Polycom, Inc.
Affected software:
Polycom HDX 7000 Series
Detailed vulnerability description
The vulnerability allows a remote user to cause a denial of service condition on the target system.
The weakness exists due to a resource management error. An attacker can supply a specially crafted XML document type definition (DTD) that causes recursive definition parsing in the XML parser and halts web traffic handling.
Successful exploitation of the vulnerability leads to denial of service on the vulnerable system.
Remediation
Update to 3.1.10.
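The description above attributes the outage to DTD processing in the XML parser. As an added example (not Polycom code and not part of the original advisory), this is a pre-parse guard for an XML-consuming service that rejects any document carrying a DOCTYPE before its declarations are processed; the names `check_xml_body` and `DTDForbidden`, the 64 KiB cap and the sample bodies are assumptions made for illustration.

```python
import xml.parsers.expat as expat

MAX_BYTES = 64 * 1024  # assumed size cap for this example


class DTDForbidden(ValueError):
    """The document carries a DOCTYPE declaration."""


def _reject_doctype(name, system_id, public_id, has_internal_subset):
    # Fires when expat reaches the DOCTYPE declaration, before the
    # declarations inside it are processed, so nothing defined in the
    # DTD is ever expanded.
    raise DTDForbidden(name)


def check_xml_body(body: bytes, max_bytes: int = MAX_BYTES):
    """Return (accepted, reason) for one XML request body."""
    if len(body) > max_bytes:
        return (False, "too-large")
    parser = expat.ParserCreate()
    parser.StartDoctypeDeclHandler = _reject_doctype
    try:
        parser.Parse(body, True)  # True marks this as the final chunk
    except DTDForbidden:
        return (False, "dtd-forbidden")
    except expat.ExpatError:
        return (False, "malformed")
    return (True, "ok")


# Constructed sample bodies (not captured traffic).
SAMPLES = {
    "plain": b'<?xml version="1.0"?><call><dial>1234</dial></call>',
    "with_dtd": b'<?xml version="1.0"?><!DOCTYPE call [<!ENTITY a "x">]>'
                b"<call>&a;</call>",
    "broken": b"<call><dial></call>",
    "huge": b"<call>" + b"A" * MAX_BYTES + b"</call>",
}

if __name__ == "__main__":
    for label, body in SAMPLES.items():
        print(label, check_xml_body(body))
```

Rejecting on the DOCTYPE itself, rather than trying to measure how far definitions nest, keeps the guard independent of how any particular crafted DTD is built.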