HDX Vulnerability: Latest update on a security issue identified in our HDX video conferencing system

Polycom Employee & Community Manager

Polycom is issuing the attached Security Advisory relating to a critical vulnerability discovered on the Polycom HDX Video System.

As discussed in the Security Advisory, Polycom has been made aware of a critical vulnerability in the Polycom shell (psh) functionality on the HDX Video System’s diagnostics port (port tcp/23). This vulnerability could allow a remote attacker to execute arbitrary code on the HDX, which could lead to a compromise of the system.

Polycom released HDX version 3.1.12 on November 23, 2017. This release addresses this vulnerability. It can be accessed by clicking here.

Polycom appreciates and values the members of the security research community who find vulnerabilities, bring them to our attention, and work with Polycom in a coordinated effort so that security fixes can be issued to all impacted customers.  We would like to thank the independent security researchers at SensePost for discovering this vulnerability and alerting us.

If you have any questions about the vulnerability or our solution or mitigation recommendations, please contact our Polycom Support Group by calling 1-800-POLYCOM or visiting:

http://support.polycom.com/PolycomService/support/us/support/documentation/security_center.html


Ludwig Heil
Polycom Community Manager

