#VU8242 Buffer over-read in Polycom, Inc. products - CVE-2017-12857
Published: September 12, 2017
Vulnerability identifier: #VU8242
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-12857
CWE-ID: CWE-126
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
RealPresence Trio
VVX
SoundStation IP
Software vendor:
Polycom, Inc.
Description
The vulnerability allows a remote authenticated attacker to obtain potentially sensitive information.
The weakness exists due to a buffer over-read. A remote attacker can upload a specially crafted file containing null characters and obtain potentially sensitive information from uninitialized system memory.
Successful exploitation of the vulnerability results in information disclosure.
Remediation
The vulnerability is addressed in the following versions: UCS 4.0.12, 5.6.0, 5.5.2, 5.4.7, 5.4.5.