• ×
    Information
    Windows update impacting certain printer icons and names. Microsoft is working on a solution.
    Click here to learn more
    Information
    Need Windows 11 help?
    Check documents on compatibility, FAQs, upgrade information and available fixes.
    Windows 11 Support Center.
  • post a message
  • ×
    Information
    Windows update impacting certain printer icons and names. Microsoft is working on a solution.
    Click here to learn more
    Information
    Need Windows 11 help?
    Check documents on compatibility, FAQs, upgrade information and available fixes.
    Windows 11 Support Center.
  • post a message
Guidelines
The HP Community is where owners of HP products, like you, volunteer to help each other find solutions.
HP Recommended

Hi Team 

 

we have observed so many Vulnerabilities in our polycom device .we have updated the UC software to the latest one

UC Software Version4.1.1.0731
BootROM Software Version5.1.1.0132

 

But Vulnerabilities still exisist .Kinldy suggest how to fix ths Vulnerabilities.

 

List of the Vulnerabilities

 

SSL Server Supports Weak Encryption Vulnerability
SSL/TLS use of weak RC4 cipher
SSL/TLS Server supports TLSv1.0
SSLv3.0/TLSv1.0 Protocol Weak CBC Mode Server Side Vulnerability (BEAST)
6 REPLIES 6
HP Recommended

Hello Bivin VIjai,

welcome to the Polycom Community.

Thank you for the information you provided but it would also be helpful if you could also elaborate on the actual product that you have found this.

 

Please also provide details on what SIP / LYNC server you are using.

 

Please ensure to provide some feedback if this reply has helped you so other users can profit from your experience.

Best Regards

Steffen Baier

Polycom Global Services

------------------------------------------------
Notice: I am an HP Poly employee but all replies within the community are done as a volunteer outside of my day role. This community forum is not an official HP Poly support resource, thus responses from HP Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge.
If you need immediate and/or official assistance for former Poly\Plantronics\Polycom please open a service ticket through your support channels
For HP products please check HP Support.

Please also ensure you always check the General VoIP , Video Endpoint , UC Platform (Microsoft) , PSTN
HP Recommended

HI Team

 

We are using Asterisk server as the SIP server and all Polycom phones are connected to this sever .

 

we are using the IP phone 330, 331 ,335 and VVX 500

 

we have updated the to the latest UC software :-

  

Phone Information  Phone Model SoundPoint IP 335

Part Number 2345-12375-001 Rev:B

MAC Address 00:04:F2:CB:37:07

IP Address XXXXXXXXXX

UC Software Version 4.0.7.2514

BootROM Software Version 5.0.7.1284

 

Please let us know the non Vulnerabile UC software version for this models .

 

we have tried with diiferent UC software and the isuue still persist .

HP Recommended

Hello Bivin VIjai,

 

  • For all SoundPoint / SoundStation IP phones using SIP and not LYNC UC Software 4.0.11 is the latest software
    4.1.1 is for LYNC only and older
  • For all VVX Phones using SIP and not LYNC UC Software 5.5.0 is the latest software
    UC Software 5.4.4 is for LYNC / Skype only

 

Please ensure you are using the above and I work with our security department to work on confirmation if the items listed by yourself are already addressed.


Please ensure to provide some feedback if this reply has helped you so other users can profit from your experience.

Best Regards

Steffen Baier

Polycom Global Services

------------------------------------------------
Notice: I am an HP Poly employee but all replies within the community are done as a volunteer outside of my day role. This community forum is not an official HP Poly support resource, thus responses from HP Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge.
If you need immediate and/or official assistance for former Poly\Plantronics\Polycom please open a service ticket through your support channels
For HP products please check HP Support.

Please also ensure you always check the General VoIP , Video Endpoint , UC Platform (Microsoft) , PSTN
HP Recommended

Hello Bivin VIjai,

In addition check the Configurable TLS Cipher Suites  Section within the Admin Guides or you can check the Settings > Network > TLS > TLS Profiles > Platform X settings.

 

This section, when changed to Customer, allows you to change Cipher Suite's.

Please ensure to provide some feedback if this reply has helped you so other users can profit from your experience.

Best Regards

Steffen Baier

Polycom Global Services

------------------------------------------------
Notice: I am an HP Poly employee but all replies within the community are done as a volunteer outside of my day role. This community forum is not an official HP Poly support resource, thus responses from HP Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge.
If you need immediate and/or official assistance for former Poly\Plantronics\Polycom please open a service ticket through your support channels
For HP products please check HP Support.

Please also ensure you always check the General VoIP , Video Endpoint , UC Platform (Microsoft) , PSTN
HP Recommended

HI  Steffen
 
We have updated the Firwamre to 4.0.11 and  Vulnerabilities is still prestist .

 

Can you please let us know how to fix the same

HP Recommended

Hi 

 

 

Please find the TLS configuration screeshot.

 

 

† The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the <a href="https://www8.hp.com/us/en/terms-of-use.html" class="udrlinesmall">Terms of Use</a> and <a href="/t5/custom/page/page-id/hp.rulespage" class="udrlinesmall"> Rules of Participation</a>.