CVE-2012-6610

high-risk

Published 2020-01-28

Polycom HDX Video End Points before 3.0.4 and UC APL before 2.7.1.J allows remote authenticated users to execute arbitrary commands as demonstrated by a ; (semicolon) to the ping command feature.

Do I need to act?

56.1% chance of exploitation in next 30 days

EPSS score — higher than 44% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.8/10 High

NETWORK / LOW complexity

Affected Products (2)

Hdx Video End Points

Uc Apl

Affected Vendors

Polycom

References (4)

Mailing List http://seclists.org/fulldisclosure/2012/Mar/18

Third Party Advisory https://web.archive.org/web/20130317232013/http://blog.tempest.com.br/joao-paulo...

Mailing List http://seclists.org/fulldisclosure/2012/Mar/18

Third Party Advisory https://web.archive.org/web/20130317232013/http://blog.tempest.com.br/joao-paulo...

/ 100

high-risk

Severity 30/34 · Critical

Exploitability 18/34 · Moderate

Exposure 7/34 · Low