CVE-2024-9579
Severity CVSS v4.0:
Pending analysis
Type:
CWE-77
Command Injection
Publication date:
05/11/2024
Last modified:
08/11/2024
Description
A potential vulnerability was discovered in certain Poly video conferencing devices. The firmware flaw does not properly sanitize user input. The exploitation of this vulnerability is dependent on a layered attack and cannot be exploited by itself.
Impact
Base Score 3.x
7.50
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:hp:poly_tc8_firmware:*:*:*:*:*:*:*:* | 6.3.2 (excluding) | |
| cpe:2.3:h:hp:poly_tc8:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:hp:poly_tc10_firmware:*:*:*:*:*:*:*:* | 6.3.2 (excluding) | |
| cpe:2.3:h:hp:poly_tc10:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:hp:poly_studio_g7500_firmware:*:*:*:*:*:*:*:* | 4.3.2 (excluding) | |
| cpe:2.3:h:hp:poly_studio_g7500:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:hp:poly_studio_x30_firmware:*:*:*:*:*:*:*:* | 4.3.2 (including) | |
| cpe:2.3:h:hp:poly_studio_x30:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:hp:poly_studio_x50_firmware:*:*:*:*:*:*:*:* | 4.3.2 (excluding) | |
| cpe:2.3:h:hp:poly_studio_x50:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:hp:poly_studio_x70_firmware:*:*:*:*:*:*:*:* | 4.3.2 (excluding) | |
| cpe:2.3:h:hp:poly_studio_x70:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:hp:poly_studio_x52_firmware:*:*:*:*:*:*:*:* | 4.3.2 (excluding) | |
| cpe:2.3:h:hp:poly_studio_x52:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:hp:poly_studio_g62_firmware:*:*:*:*:*:*:*:* | 4.3.2 (excluding) |
To consult the complete list of CPE names with products and versions, see this page