VYPR
Unrated severityNVD Advisory· Published Mar 12, 2020· Updated Aug 4, 2024

CVE-2019-11355

CVE-2019-11355

Description

An issue was discovered in Poly (formerly Polycom) HDX 3.1.13. A feature exists that allows the creation of a server / client certificate, or the upload of the user certificate, on the administrator's page. The value received from the user is the factor value of a shell script on the equipment. By entering a special character (such as a single quote) in a CN or other CSR field, one can insert a command into a factor value. A system command can be executed as root.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Polycom/HDXdescription
  • Polycom/HDXllm-fuzzy
    Range: <=3.1.13

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.