A recent security audit of our network found a vulnerability with our Polycom Trio 8800 w/ Visual+ devices. I've updated the latest available version: 5.9.5.2830 and the vulnerability still exists. Are there any plans to update JQuery in new versions of the phone software, or does this issue not apply to or affect the Polycom Trio phone software?
We're using Nessus with plugins dated 09/26/2020 to scan for these vulnerabilities. Nessus returns the following information:
According to the self-reported version in the script, the version of JQuery hosted on the remote web server is greater than or equal to 1.2 and prior to 3.5.0. It is, therefore, affected by multiple cross site scripting vulnerabilities.
URL : https://10.1x.xx.xx/js/jquery.js
Installed version : 1.4.4
Fixed version : 3.5.0
Solved! Go to Solution.
Hello @brandoncs ,
Welcome to the Poly Community.
We are currently planning to address this in the next release for Trio planned for End of November / Early December(Subject to change). If you need official confirmation I suggest raising a ticket.
In order to raise a support ticket, you need to work with your Poly reseller as they may need to do this for you.
End Customers are usually unable to open a ticket directly with Poly support. Available End User Poly services offerings are detailed here
If this is some sort of an Internet discounter providing your MAC address or your Poly devices serial will enable us to look up who would be able to support you. This may not be who you purchased the Poly device from.
If the unit is no longer within the warranty please be prepared to Pay Per Incident / PPI. This is all outlined in detail here
Please ensure to provide some feedback if this reply has helped you so other users can profit from your experience.
Best Regards
Steffen Baier
Hello @brandoncs ,
Welcome to the Poly Community.
We are currently planning to address this in the next release for Trio planned for End of November / Early December(Subject to change). If you need official confirmation I suggest raising a ticket.
In order to raise a support ticket, you need to work with your Poly reseller as they may need to do this for you.
End Customers are usually unable to open a ticket directly with Poly support. Available End User Poly services offerings are detailed here
If this is some sort of an Internet discounter providing your MAC address or your Poly devices serial will enable us to look up who would be able to support you. This may not be who you purchased the Poly device from.
If the unit is no longer within the warranty please be prepared to Pay Per Incident / PPI. This is all outlined in detail here
Please ensure to provide some feedback if this reply has helped you so other users can profit from your experience.
Best Regards
Steffen Baier