Plantronics + Polycom. Now together as Poly Logo

Replay Attack

Highlighted
Visitor

Replay Attack

Hello all, I was just wondering...because I can't seem to find this information anywhere else...if anyone knew how the HDX family of codecs defends against replay attacks?  Do they use time stamps or SRTP or something like that?  The codecs that I have are fairly old as well.  Mostly HDX 7000's and a few HDX 8000's.  They're running software in the range of 2.7.0 through 3.1.11 and various versions in between..most are 2.7.3.2.  I just started a new position and am still taking stock of what gear I have in the various conference rooms that I'm managing as well as their security vulnerabilities. I'm fairly certain that none of the units are in an active service contract with Polycom either.  Any help would be greatly appreciated.  Thanks in advance!  

Message 1 of 4
3 REPLIES 3
Highlighted
Regular Advisor

Re: Replay Attack

The HDX was EOL in July 2019, There were several firmware updates in 2018-2019 to fix VTM's I believe. I would be sure you are at the last rev of 3.1.14

Message 2 of 4
Highlighted
Visitor

Re: Replay Attack

Thanks for the response!  Please excuse my ignorance, but what is VTM?  Do you know where I can find documentation regarding replay attack security as it pertains to the Polycom HDX family?  The latest software I've found, that's approved for government use, is 3.1.11.  Which I've found here-

https://www.polycom.com/solutions/solutions-by-industry/us-federal-government/certification-accredit...

 

Software upgrades are in the air currently due to trying to figure out who that responsibility belongs to. Even in the guide for maximum security environments...I can't find anything that says, "This is what polycom uses to defend against replay attacks.."(I'm paraphrasing of course).  I'm also managing a couple Cisco VTC rooms.  Cisco's literature does specifically say, "This is what we use to defend against replay attacks.."(paraphrasing again).  I'll keep looking but any help in the right direction would be much appreciated.  Thanks in advance!  Have a great day!

Message 3 of 4
Highlighted
Regular Advisor

Re: Replay Attack

Sorry - VTM is what my org uses as an acronym for Vulnerability Threat Management. Do you know the CVE number for replay? 

Message 4 of 4