cbcvebase.
CVE-2012-6610
published 2020-01-28

CVE-2012-6610: Polycom HDX Video End Points before 3.0.4 and UC APL before 2.7.1.J allows remote authenticated users to execute arbitrary commands as demonstrated by a…

PriorityP266high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EXPLOIT
EPSS
10.88%
95.3th percentile
Polycom HDX Video End Points before 3.0.4 and UC APL before 2.7.1.J allows remote authenticated users to execute arbitrary commands as demonstrated by a ; (semicolon) to the ping command feature.

Affected

2 ranges
VendorProductVersion rangeFixed in
polycomhdx_video_end_points< 3.0.43.0.4
polycomuc_apl< 2.7.1.j2.7.1.j

Detection & IOCsextracted from sources · hover to see the quote

commandping ; <arbitrary command>
porttelnet (23)
  • Detect OS command injection via semicolon delimiter in the ping command on Polycom HDX Command Shell (telnet service)
  • Monitor for simultaneous/concurrent telnet connections to Polycom HDX endpoints, which can trigger authentication bypass on the Command Shell service
  • Alert on unauthenticated telnet sessions to Polycom HDX devices running software versions 3.0.5 and earlier
  • ·The auth bypass requires simultaneous connections; single sequential connections may not trigger the vulnerability
  • ·Command injection (ping semicolon) applies only to versions prior to 3.0.4; the auth bypass affects versions up to and including 3.0.5
  • ·UC APL variant has a different patched version threshold (2.7.1.J) compared to standard HDX endpoints (3.0.4)

CVSS provenance

nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv2.09.0CRITICALAV:N/AC:L/Au:S/C:C/I:C/A:C
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.