Solved: Trio 8800 JQuery Version 1.4.4 Vulnerability

brandoncs · ‎10-13-2020

A recent security audit of our network found a vulnerability with our Polycom Trio 8800 w/ Visual+ devices. I've updated the latest available version: 5.9.5.2830 and the vulnerability still exists. Are there any plans to update JQuery in new versions of the phone software, or does this issue not apply to or affect the Polycom Trio phone software?

We're using Nessus with plugins dated 09/26/2020 to scan for these vulnerabilities. Nessus returns the following information:

According to the self-reported version in the script, the version of JQuery hosted on the remote web server is greater than or equal to 1.2 and prior to 3.5.0. It is, therefore, affected by multiple cross site scripting vulnerabilities.

URL : https://10.1x.xx.xx/js/jquery.js

Installed version : 1.4.4

Fixed version : 3.5.0

SteffenBaierUK · ‎10-13-2020

Hello @brandoncs ,

Welcome to the Poly Community.

We are currently planning to address this in the next release for Trio planned for End of November / Early December(Subject to change). If you need official confirmation I suggest raising a ticket.

In order to raise a support ticket, you need to work with your Poly reseller as they may need to do this for you.

End Customers are usually unable to open a ticket directly with Poly support. Available End User Poly services offerings are detailed here

If this is some sort of an Internet discounter providing your MAC address or your Poly devices serial will enable us to look up who would be able to support you. This may not be who you purchased the Poly device from.

If the unit is no longer within the warranty please be prepared to Pay Per Incident / PPI. This is all outlined in detail here

Please ensure to provide some feedback if this reply has helped you so other users can profit from your experience.

Best Regards

Steffen Baier

----------------
The title Polycom Employee & Community Manager is a community setting and does not reflect my role. I am just a simple volunteer in the community like everybody else. My official "day" Job is 3rd Level support at Poly but I am unable to provide official support via the community.

----------------

Notice: This community forum is not an official Poly support resource, thus responses from Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge. If you need immediate and/or official assistance please open a service ticket through your proper support channels.
Please also ensure you always check the VoIP , Video Endpoint , Skype for Business , PSTN or RPM FAQ's

View solution in original post

SteffenBaierUK · ‎10-13-2020

Hello @brandoncs ,

Welcome to the Poly Community.

We are currently planning to address this in the next release for Trio planned for End of November / Early December(Subject to change). If you need official confirmation I suggest raising a ticket.

In order to raise a support ticket, you need to work with your Poly reseller as they may need to do this for you.

End Customers are usually unable to open a ticket directly with Poly support. Available End User Poly services offerings are detailed here

If this is some sort of an Internet discounter providing your MAC address or your Poly devices serial will enable us to look up who would be able to support you. This may not be who you purchased the Poly device from.

If the unit is no longer within the warranty please be prepared to Pay Per Incident / PPI. This is all outlined in detail here

Please ensure to provide some feedback if this reply has helped you so other users can profit from your experience.

Best Regards

Steffen Baier

----------------
The title Polycom Employee & Community Manager is a community setting and does not reflect my role. I am just a simple volunteer in the community like everybody else. My official "day" Job is 3rd Level support at Poly but I am unable to provide official support via the community.

----------------

Notice: This community forum is not an official Poly support resource, thus responses from Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge. If you need immediate and/or official assistance please open a service ticket through your proper support channels.
Please also ensure you always check the VoIP , Video Endpoint , Skype for Business , PSTN or RPM FAQ's

View solution in original post

Trio 8800 JQuery Version 1.4.4 Vulnerability

Trio 8800 JQuery Version 1.4.4 Vulnerability

Re: Trio 8800 JQuery Version 1.4.4 Vulnerability

Re: Trio 8800 JQuery Version 1.4.4 Vulnerability