CVE-2018-18566

medium

Description

The SIP service in Polycom VVX 500 and 601 devices 5.8.0.12848 and earlier allow remote attackers to obtain sensitive phone configuration information by leveraging use with an on-premise installation with Skype for Business.

References

https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-028.txt

https://seclists.org/bugtraq/2018/Oct/33

http://www.securityfocus.com/bid/105746

Details

Source: Mitre, NVD

Published: 2018-10-24

Updated: 2021-06-15

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N