Lucene search

MitreCVE-2018-17875

HistoryDec 28, 2021 - 1:15 p.m.

CVE-2018-17875

2021-12-2813:15:07

mitre

web.nvd.nist.gov

cve-2018-17875

remote code execution

ping command

poly trio 8800

nvd

unspecified vectors

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.8

Confidence

High

EPSS

0.003

Percentile

66.2%

JSON

A remote code execution issue in the ping command on Poly Trio 8800 5.7.1.4145 devices allows remote authenticated users to execute commands via unspecified vectors.

Affected configurations

Nvd

Node

polytrio_8800Match-

AND

polytrio_8800_firmwareMatch5.4.0.12197

polytrio_8800_firmwareMatch5.4.0.12541

polytrio_8800_firmwareMatch5.4.0.12856

polytrio_8800_firmwareMatch5.4.1.17597

polytrio_8800_firmwareMatch5.4.2.5400

polytrio_8800_firmwareMatch5.4.3.2007

polytrio_8800_firmwareMatch5.4.3.2389

polytrio_8800_firmwareMatch5.4.3.2400

polytrio_8800_firmwareMatch5.4.4.7511

polytrio_8800_firmwareMatch5.4.4.7609

polytrio_8800_firmwareMatch5.4.4.7776

polytrio_8800_firmwareMatch5.4.5.9111

polytrio_8800_firmwareMatch5.4.5.9658

polytrio_8800_firmwareMatch5.5.2.11338

polytrio_8800_firmwareMatch5.5.2.11391

polytrio_8800_firmwareMatch5.5.3.3441

polytrio_8800_firmwareMatch5.5.3.3517

polytrio_8800_firmwareMatch5.5.4.2255

polytrio_8800_firmwareMatch5.7.1.4095

polytrio_8800_firmwareMatch5.7.1.4133

polytrio_8800_firmwareMatch5.7.1.4145

VendorProductVersionCPE
polytrio_8800-cpe:2.3:h:poly:trio_8800:-:*:*:*:*:*:*:*
polytrio_8800_firmware5.4.0.12197cpe:2.3:o:poly:trio_8800_firmware:5.4.0.12197:*:*:*:*:*:*:*
polytrio_8800_firmware5.4.0.12541cpe:2.3:o:poly:trio_8800_firmware:5.4.0.12541:*:*:*:*:*:*:*
polytrio_8800_firmware5.4.0.12856cpe:2.3:o:poly:trio_8800_firmware:5.4.0.12856:*:*:*:*:*:*:*
polytrio_8800_firmware5.4.1.17597cpe:2.3:o:poly:trio_8800_firmware:5.4.1.17597:*:*:*:*:*:*:*
polytrio_8800_firmware5.4.2.5400cpe:2.3:o:poly:trio_8800_firmware:5.4.2.5400:*:*:*:*:*:*:*
polytrio_8800_firmware5.4.3.2007cpe:2.3:o:poly:trio_8800_firmware:5.4.3.2007:*:*:*:*:*:*:*
polytrio_8800_firmware5.4.3.2389cpe:2.3:o:poly:trio_8800_firmware:5.4.3.2389:*:*:*:*:*:*:*
polytrio_8800_firmware5.4.3.2400cpe:2.3:o:poly:trio_8800_firmware:5.4.3.2400:*:*:*:*:*:*:*
polytrio_8800_firmware5.4.4.7511cpe:2.3:o:poly:trio_8800_firmware:5.4.4.7511:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
poly	trio_8800	-	cpe:2.3:h:poly:trio_8800:-:::::::*
poly	trio_8800_firmware	5.4.0.12197	cpe:2.3:o:poly:trio_8800_firmware:5.4.0.12197:::::::*
poly	trio_8800_firmware	5.4.0.12541	cpe:2.3:o:poly:trio_8800_firmware:5.4.0.12541:::::::*
poly	trio_8800_firmware	5.4.0.12856	cpe:2.3:o:poly:trio_8800_firmware:5.4.0.12856:::::::*
poly	trio_8800_firmware	5.4.1.17597	cpe:2.3:o:poly:trio_8800_firmware:5.4.1.17597:::::::*
poly	trio_8800_firmware	5.4.2.5400	cpe:2.3:o:poly:trio_8800_firmware:5.4.2.5400:::::::*
poly	trio_8800_firmware	5.4.3.2007	cpe:2.3:o:poly:trio_8800_firmware:5.4.3.2007:::::::*
poly	trio_8800_firmware	5.4.3.2389	cpe:2.3:o:poly:trio_8800_firmware:5.4.3.2389:::::::*
poly	trio_8800_firmware	5.4.3.2400	cpe:2.3:o:poly:trio_8800_firmware:5.4.3.2400:::::::*
poly	trio_8800_firmware	5.4.4.7511	cpe:2.3:o:poly:trio_8800_firmware:5.4.4.7511:::::::*

Rows per page:

1-10 of 221

References

unkl4b.github.io/Authenticated-RCE-in-Polycom-Trio-8800-pt-1/

support.polycom.com/content/support/emea/emea/en/support/voice/polycom-trio/polycom-trio-8800.html

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.8

Confidence

High

EPSS

0.003

Percentile

66.2%

JSON

Related for CVE-2018-17875