vendor:
SoundPoint IP
by:
Pawel Gawinek
7.5
CVSS
HIGH
Denial of Service
20
CWE
Product Name: SoundPoint IP
Affected Version From: 3.2.4.1734
Affected Version To: 4.2.2.0710
Patch Exists: NO
Related CWE: N/A
CPE: h:polycom:soundpoint_ip
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: None
2013
Polycom SoundPoint IP Denial of Service
Polycom SoundPoint IP devices (IP phones) are vulnerable to Denial of Service attacks. Sending HTTP GET request with broken Authorization header effect a device restart after ~60 seconds.
Mitigation:
Ensure that the Authorization header is properly formatted and valid.