CVE-2024-9579
Certain Poly Video Conference Devices – Potential Remote Code Execution
Severity Score
7.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track*
*SSVC
Descriptions
A potential vulnerability was discovered in certain Poly video conferencing devices. The firmware flaw does not properly sanitize user input. The exploitation of this vulnerability is dependent on a layered attack and cannot be exploited by itself.
Se descubrió una vulnerabilidad potencial en ciertos dispositivos de videoconferencia de Poly. El fallo del firmware no desinfecta adecuadamente la entrada del usuario. La explotación de esta vulnerabilidad depende de un ataque en capas y no puede explotarse por sí sola.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track*
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2024-10-07 CVE Reserved
- 2024-11-05 CVE Published
- 2024-11-05 CVE Updated
- 2024-11-09 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
CAPEC
References (1)
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| HP, Inc. Search vendor "HP, Inc." | Certain Poly Video Conference Devices Search vendor "HP, Inc." for product "Certain Poly Video Conference Devices" | * | en |
Affected
| ||||||