CVE-2023-4468

low-risk

Published 2023-12-29

A vulnerability was found in Poly Trio 8500, Trio 8800 and Trio C60. It has been classified as problematic. This affects an unknown part of the component Poly Lens Management Cloud Registration. The manipulation leads to missing authorization. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. The identifier VDB-249261 was assigned to this vulnerability.

Do I need to act?

0.06% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 4.3/10 Medium

PHYSICAL / LOW complexity

Affected Products (3)

Trio 8800 Firmware

Trio C60

Lens

Affected Vendors

Poly

References (13)

Not Applicable https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11919.html

https://github.com/modzero/MZ-23-01-Poly-VoIP-Devices

https://modzero.com/en/advisories/mz-23-01-poly-voip/

https://support.hp.com/us-en/document/ish_9929447-9929472-16/hpsbpy03902

Permissions Required https://vuldb.com/?ctiid.249261

Third Party Advisory https://vuldb.com/?id.249261

Third Party Advisory https://modzero.com/en/blog/multiple-vulnerabilities-in-poly-products/

Not Applicable https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11919.html

https://github.com/modzero/MZ-23-01-Poly-VoIP-Devices

https://modzero.com/en/advisories/mz-23-01-poly-voip/

https://support.hp.com/us-en/document/ish_9929447-9929472-16/hpsbpy03902

Permissions Required https://vuldb.com/?ctiid.249261

Third Party Advisory https://vuldb.com/?id.249261

/ 100

low-risk

Severity 15/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 9/34 · Low