6.5

CVE-2019-10689

EPSS 0.33%
Veröffentlicht 24.06.2019 22:15:08
Zuletzt bearbeitet 21.11.2024 04:19:45
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

VVX products using UCS software version 5.9.2 and earlier with Better Together over Ethernet Connector (BToE) application version 3.9.1 and earlier provides insufficient authentication between the BToE application and the BToE component, resulting in leakage of sensitive information.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Polycom ≫ Better Together Over Ethernet Connector Version <= 3.9.1

Polycom ≫ Unified Communications Software Version <= 5.9.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.33%	0.555

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	3.3	6.5	2.9	AV:A/AC:L/Au:N/C:P/I:N/A:N

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

http://www.securityfocus.com/bid/108799

Third Party Advisory

VDB Entry

https://support.polycom.com/content/dam/polycom-support/global/documentation/insufficient-authentication-leakage-vvx-products.pdf

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-10689

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-10689

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-10689

EUVD