
Polycom Phone Vulnerabilities

Occasional Advisor


Hi Team 

 

We have observed so many vulnerabilities in our Polycom device. We have updated the UC software to the latest one:

UC Software Version 4.1.1.0731
BootROM Software Version 5.1.1.0132

But the vulnerabilities still exist. Kindly suggest how to fix these vulnerabilities.

 

List of the Vulnerabilities

 

SSL Server Supports Weak Encryption Vulnerability
SSL/TLS use of weak RC4 cipher
SSL/TLS Server supports TLSv1.0
SSLv3.0/TLSv1.0 Protocol Weak CBC Mode Server Side Vulnerability (BEAST)
Message 1 of 7
Polycom Employee & Community Manager

Re: Polycom Phone Vulnerabilities

Hello Bivin VIjai,

Welcome to the Polycom Community.

Thank you for the information you provided, but it would also be helpful if you could elaborate on the actual product on which you have found this.

 

Please also provide details on what SIP / LYNC server you are using.

 

Please ensure to provide some feedback if this reply has helped you so other users can profit from your experience.

Best Regards

Steffen Baier

Polycom Global Services

----------------
The title Polycom Employee & Community Manager is a community setting and does not reflect my role. I am just a simple volunteer in the community like everybody else. My official "day" Job is 3rd Level support at Poly but I am unable to provide official support via the community.

----------------

Notice: This community forum is not an official Poly support resource, thus responses from Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge. If you need immediate and/or official assistance please open a service ticket through your proper support channels.
Please also ensure you always check the VoIP, Video Endpoint, Skype for Business, PSTN or RPM FAQs.
Message 2 of 7
Occasional Advisor

Re: Polycom Phone Vulnerabilities

Hi Team

We are using an Asterisk server as the SIP server and all Polycom phones are connected to this server.

We are using the IP phone 330, 331, 335 and VVX 500.

We have updated to the latest UC software:

  

Phone Information

Phone Model: SoundPoint IP 335
Part Number: 2345-12375-001 Rev:B
MAC Address: 00:04:F2:CB:37:07
IP Address: XXXXXXXXXX
UC Software Version: 4.0.7.2514
BootROM Software Version: 5.0.7.1284

 

Please let us know the non-vulnerable UC software version for these models.

We have tried with different UC software and the issue still persists.

Message 3 of 7
Polycom Employee & Community Manager

Re: Polycom Phone Vulnerabilities

Hello Bivin VIjai,

 

  • For all SoundPoint / SoundStation IP phones using SIP and not LYNC UC Software 4.0.11 is the latest software
    4.1.1 is for LYNC only and older
  • For all VVX Phones using SIP and not LYNC UC Software 5.5.0 is the latest software
    UC Software 5.4.4 is for LYNC / Skype only

 

Please ensure you are using the above, and I will work with our security department to confirm if the items listed by yourself are already addressed.



Best Regards

Steffen Baier

Polycom Global Services

Message 4 of 7
Polycom Employee & Community Manager

Re: Polycom Phone Vulnerabilities

Hello Bivin VIjai,

In addition check the Configurable TLS Cipher Suites  Section within the Admin Guides or you can check the Settings > Network > TLS > TLS Profiles > Platform X settings.

 

This section, when changed to Customer, allows you to change cipher suites.


Best Regards

Steffen Baier

Polycom Global Services

Message 5 of 7
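For checking scanner output after a cipher-suite or firmware change, this added example (not from the thread or from Poly) maps protocol/cipher pairs to the four findings listed in the first post. The sample pairs are constructed, cipher names follow OpenSSL naming, and the tokens treated as "weak encryption" are an assumption about the scanner's rule.

```python
# Added example: triage protocol/cipher pairs against the four findings
# named in the first post. All sample data is constructed.

LEGACY = {"SSLv3", "TLSv1.0"}
# Assumption: export-grade, NULL, RC2 and single-DES suites are what the
# scanner reports as "weak encryption". "DES-CBC-" does not match DES-CBC3.
WEAK_TOKENS = ("EXP", "NULL", "RC2", "DES-CBC-")


def findings(protocol, suite):
    """Return the findings triggered by one negotiated protocol/suite pair."""
    hits = []
    if any(tok in suite for tok in WEAK_TOKENS):
        hits.append("weak-encryption")
    if "RC4" in suite:
        hits.append("rc4")
    if protocol == "TLSv1.0":
        hits.append("tlsv1.0")
    # SSLv3/TLS 1.0 define only CBC, RC4 and NULL suites, so anything that
    # is neither RC4 nor NULL at those versions is a CBC suite (BEAST).
    if protocol in LEGACY and "RC4" not in suite and "NULL" not in suite:
        hits.append("beast-cbc")
    return hits


def report(offers):
    """Group offending (protocol, suite) pairs by finding."""
    out = {}
    for proto, suite in offers:
        for name in findings(proto, suite):
            out.setdefault(name, []).append((proto, suite))
    return out


def clean(offers):
    """Pairs that trigger none of the four findings."""
    return [(p, s) for p, s in offers if not findings(p, s)]


# Constructed sample: pairs a scanner might report as accepted by a server.
SAMPLE = [
    ("TLSv1.0", "RC4-SHA"),
    ("TLSv1.0", "AES128-SHA"),
    ("TLSv1.0", "EXP-RC4-MD5"),
    ("TLSv1.2", "AES128-SHA"),
    ("TLSv1.2", "ECDHE-RSA-AES128-GCM-SHA256"),
]

if __name__ == "__main__":
    for finding, pairs in report(SAMPLE).items():
        print(finding, pairs)
```

At TLSv1.0, dropping CBC suites to clear the BEAST finding leaves only RC4, which raises the RC4 finding instead, so cipher selection alone cannot clear the list while TLSv1.0 stays enabled.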
Occasional Advisor

Re: Polycom Phone Vulnerabilities

Hi Steffen

We have updated the firmware to 4.0.11 and the vulnerabilities still persist.

Can you please let us know how to fix the same?

Message 6 of 7
Occasional Advisor

Re: Polycom Phone Vulnerabilities

Hi 

 

 

Please find the TLS configuration screenshot.

 

 

Message 7 of 7