CVE-2019-11355

Published: Mar 12, 2020

Modified: Aug 4, 2024

PUBLISHED

Description

An issue was discovered in Poly (formerly Polycom) HDX 3.1.13. A feature exists that allows the creation of a server / client certificate, or the upload of the user certificate, on the administrator's page. The value received from the user is the factor value of a shell script on the equipment. By entering a special character (such as a single quote) in a CN or other CSR field, one can insert a command into a factor value. A system command can be executed as root.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://support.polycom.com/content/dam/polycom-support/global/documentation/hdx-3-1-14-advisory.pdf

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2019-11355

Description

Affected Products

References