nvd-json-data-feeds/CVE-2024/CVE-2024-95xx/CVE-2024-9579.json

{
  "id": "CVE-2024-9579",
  "sourceIdentifier": "hp-security-alert@hp.com",
  "published": "2024-11-05T17:15:07.667",
  "lastModified": "2024-11-08T18:08:02.683",
  "vulnStatus": "Analyzed",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A potential vulnerability was discovered in certain Poly video conferencing devices. The firmware flaw does not properly sanitize user input. The exploitation of this vulnerability is dependent on a layered attack and cannot be exploited by itself."
    },
    {
      "lang": "es",
      "value": " Se descubri\u00f3 una vulnerabilidad potencial en ciertos dispositivos de videoconferencia de Poly. El fallo del firmware no desinfecta adecuadamente la entrada del usuario. La explotaci\u00f3n de esta vulnerabilidad depende de un ataque en capas y no puede explotarse por s\u00ed sola."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "hp-security-alert@hp.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "attackVector": "ADJACENT_NETWORK",
          "attackComplexity": "HIGH",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 5.9
      },
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "attackVector": "ADJACENT_NETWORK",
          "attackComplexity": "HIGH",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 5.9
      }
    ]
  },
  "weaknesses": [
    {
      "source": "hp-security-alert@hp.com",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-77"
        }
      ]
    },
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-77"
        }
      ]
    }
  ],
  "configurations": [
    {
      "operator": "AND",
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:hp:poly_tc8_firmware:*:*:*:*:*:*:*:*",
              "versionEndExcluding": "6.3.2",
              "matchCriteriaId": "6DCF1C57-F138-4118-BAA6-7286BA78F8DC"
            }
          ]
        },
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": false,
              "criteria": "cpe:2.3:h:hp:poly_tc8:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F053C475-D941-4D4B-B433-8D67CD9A2C71"
            }
          ]
        }
      ]
    },
    {
      "operator": "AND",
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:hp:poly_tc10_firmware:*:*:*:*:*:*:*:*",
              "versionEndExcluding": "6.3.2",
              "matchCriteriaId": "BC9FC9F3-5FB5-4E3B-9AF3-72BF90FAC13F"
            }
          ]
        },
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": false,
              "criteria": "cpe:2.3:h:hp:poly_tc10:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E9083C3-3142-494C-827C-56576ADFCA93"
            }
          ]
        }
      ]
    },
    {
      "operator": "AND",
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:hp:poly_studio_g7500_firmware:*:*:*:*:*:*:*:*",
              "versionEndExcluding": "4.3.2",
              "matchCriteriaId": "FCE079BE-F301-4CB3-AEF4-7A1F8BF52F0E"
            }
          ]
        },
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": false,
              "criteria": "cpe:2.3:h:hp:poly_studio_g7500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0B27E0D-4C00-42F8-8772-1C0B1D0F64FC"
            }
          ]
        }
      ]
    },
    {
      "operator": "AND",
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:hp:poly_studio_x30_firmware:*:*:*:*:*:*:*:*",
              "versionEndIncluding": "4.3.2",
              "matchCriteriaId": "78D5810F-7044-4A7C-81E8-BF05F2163B5A"
            }
          ]
        },
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": false,
              "criteria": "cpe:2.3:h:hp:poly_studio_x30:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "58648CB8-9564-4EAB-8049-65B048EF8000"
            }
          ]
        }
      ]
    },
    {
      "operator": "AND",
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:hp:poly_studio_x50_firmware:*:*:*:*:*:*:*:*",
              "versionEndExcluding": "4.3.2",
              "matchCriteriaId": "242A2E5D-D761-458E-BA4A-53F8DFF3B0A7"
            }
          ]
        },
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": false,
              "criteria": "cpe:2.3:h:hp:poly_studio_x50:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1424706A-4E51-4513-B962-59E9ABDD71E7"
            }
          ]
        }
      ]
    },
    {
      "operator": "AND",
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:hp:poly_studio_x70_firmware:*:*:*:*:*:*:*:*",
              "versionEndExcluding": "4.3.2",
              "matchCriteriaId": "520E74F3-26F8-408C-93AD-516373EACDF1"
            }
          ]
        },
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": false,
              "criteria": "cpe:2.3:h:hp:poly_studio_x70:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A94CC22-4C6E-4415-9AB3-E0A3EC7BD672"
            }
          ]
        }
      ]
    },
    {
      "operator": "AND",
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:hp:poly_studio_x52_firmware:*:*:*:*:*:*:*:*",
              "versionEndExcluding": "4.3.2",
              "matchCriteriaId": "383C1531-70D5-4BB2-AB8D-49D92E661739"
            }
          ]
        },
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": false,
              "criteria": "cpe:2.3:h:hp:poly_studio_x52:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "06C69912-7DB0-4510-884B-3FFF7AC6B1FB"
            }
          ]
        }
      ]
    },
    {
      "operator": "AND",
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:hp:poly_studio_g62_firmware:*:*:*:*:*:*:*:*",
              "versionEndExcluding": "4.3.2",
              "matchCriteriaId": "5315BF05-1706-4A5B-9A9D-104AEDDC2C5C"
            }
          ]
        },
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": false,
              "criteria": "cpe:2.3:h:hp:poly_studio_g62:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF7F293C-3F38-40DB-B909-F6E0C32219E0"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://support.hp.com/us-en/document/ish_11536495-11536533-16/hpsbpy03900",
      "source": "hp-security-alert@hp.com",
      "tags": [
        "Vendor Advisory"
      ]
    }
  ]
}
Auto-Update: 2024-11-05T19:00:20.554266+00:00 2024-11-05 19:03:21 +00:00			`{`
			`"id": "CVE-2024-9579",`
			`"sourceIdentifier": "hp-security-alert@hp.com",`
			`"published": "2024-11-05T17:15:07.667",`
Auto-Update: 2024-11-08T19:00:24.086080+00:00 2024-11-08 19:03:25 +00:00			`"lastModified": "2024-11-08T18:08:02.683",`
			`"vulnStatus": "Analyzed",`
Auto-Update: 2024-11-05T19:00:20.554266+00:00 2024-11-05 19:03:21 +00:00			`"cveTags": [],`
			`"descriptions": [`
			`{`
			`"lang": "en",`
			`"value": "A potential vulnerability was discovered in certain Poly video conferencing devices. The firmware flaw does not properly sanitize user input. The exploitation of this vulnerability is dependent on a layered attack and cannot be exploited by itself."`
Auto-Update: 2024-11-06T19:00:21.748867+00:00 2024-11-06 19:03:22 +00:00			`},`
			`{`
			`"lang": "es",`
			`"value": " Se descubri\u00f3 una vulnerabilidad potencial en ciertos dispositivos de videoconferencia de Poly. El fallo del firmware no desinfecta adecuadamente la entrada del usuario. La explotaci\u00f3n de esta vulnerabilidad depende de un ataque en capas y no puede explotarse por s\u00ed sola."`
Auto-Update: 2024-11-05T19:00:20.554266+00:00 2024-11-05 19:03:21 +00:00			`}`
			`],`
			`"metrics": {`
			`"cvssMetricV31": [`
Auto-Update: 2024-11-08T19:00:24.086080+00:00 2024-11-08 19:03:25 +00:00			`{`
Auto-Update: 2024-12-08T03:00:18.988682+00:00 2024-12-08 03:06:42 +00:00			`"source": "hp-security-alert@hp.com",`
			`"type": "Secondary",`
Auto-Update: 2024-11-08T19:00:24.086080+00:00 2024-11-08 19:03:25 +00:00			`"cvssData": {`
			`"version": "3.1",`
			`"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",`
Auto-Update: 2024-12-08T03:00:18.988682+00:00 2024-12-08 03:06:42 +00:00			`"baseScore": 7.5,`
			`"baseSeverity": "HIGH",`
Auto-Update: 2024-11-08T19:00:24.086080+00:00 2024-11-08 19:03:25 +00:00			`"attackVector": "ADJACENT_NETWORK",`
			`"attackComplexity": "HIGH",`
			`"privilegesRequired": "NONE",`
			`"userInteraction": "NONE",`
			`"scope": "UNCHANGED",`
			`"confidentialityImpact": "HIGH",`
			`"integrityImpact": "HIGH",`
Auto-Update: 2024-12-08T03:00:18.988682+00:00 2024-12-08 03:06:42 +00:00			`"availabilityImpact": "HIGH"`
Auto-Update: 2024-11-08T19:00:24.086080+00:00 2024-11-08 19:03:25 +00:00			`},`
			`"exploitabilityScore": 1.6,`
			`"impactScore": 5.9`
			`},`
Auto-Update: 2024-11-05T19:00:20.554266+00:00 2024-11-05 19:03:21 +00:00			`{`
Auto-Update: 2024-12-08T03:00:18.988682+00:00 2024-12-08 03:06:42 +00:00			`"source": "nvd@nist.gov",`
			`"type": "Primary",`
Auto-Update: 2024-11-05T19:00:20.554266+00:00 2024-11-05 19:03:21 +00:00			`"cvssData": {`
			`"version": "3.1",`
			`"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",`
Auto-Update: 2024-12-08T03:00:18.988682+00:00 2024-12-08 03:06:42 +00:00			`"baseScore": 7.5,`
			`"baseSeverity": "HIGH",`
Auto-Update: 2024-11-05T19:00:20.554266+00:00 2024-11-05 19:03:21 +00:00			`"attackVector": "ADJACENT_NETWORK",`
			`"attackComplexity": "HIGH",`
			`"privilegesRequired": "NONE",`
			`"userInteraction": "NONE",`
			`"scope": "UNCHANGED",`
			`"confidentialityImpact": "HIGH",`
			`"integrityImpact": "HIGH",`
Auto-Update: 2024-12-08T03:00:18.988682+00:00 2024-12-08 03:06:42 +00:00			`"availabilityImpact": "HIGH"`
Auto-Update: 2024-11-05T19:00:20.554266+00:00 2024-11-05 19:03:21 +00:00			`},`
			`"exploitabilityScore": 1.6,`
			`"impactScore": 5.9`
			`}`
			`]`
			`},`
			`"weaknesses": [`
Auto-Update: 2024-11-08T19:00:24.086080+00:00 2024-11-08 19:03:25 +00:00			`{`
Auto-Update: 2024-12-08T03:00:18.988682+00:00 2024-12-08 03:06:42 +00:00			`"source": "hp-security-alert@hp.com",`
			`"type": "Secondary",`
Auto-Update: 2024-11-08T19:00:24.086080+00:00 2024-11-08 19:03:25 +00:00			`"description": [`
			`{`
			`"lang": "en",`
			`"value": "CWE-77"`
			`}`
			`]`
			`},`
Auto-Update: 2024-11-05T19:00:20.554266+00:00 2024-11-05 19:03:21 +00:00			`{`
Auto-Update: 2024-12-08T03:00:18.988682+00:00 2024-12-08 03:06:42 +00:00			`"source": "nvd@nist.gov",`
			`"type": "Primary",`
Auto-Update: 2024-11-05T19:00:20.554266+00:00 2024-11-05 19:03:21 +00:00			`"description": [`
			`{`
			`"lang": "en",`
			`"value": "CWE-77"`
			`}`
			`]`
			`}`
			`],`
Auto-Update: 2024-11-08T19:00:24.086080+00:00 2024-11-08 19:03:25 +00:00			`"configurations": [`
			`{`
			`"operator": "AND",`
			`"nodes": [`
			`{`
			`"operator": "OR",`
			`"negate": false,`
			`"cpeMatch": [`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:o:hp:poly_tc8_firmware::::::::",`
			`"versionEndExcluding": "6.3.2",`
			`"matchCriteriaId": "6DCF1C57-F138-4118-BAA6-7286BA78F8DC"`
			`}`
			`]`
			`},`
			`{`
			`"operator": "OR",`
			`"negate": false,`
			`"cpeMatch": [`
			`{`
			`"vulnerable": false,`
			`"criteria": "cpe:2.3:h:hp:poly_tc8:-:::::::*",`
			`"matchCriteriaId": "F053C475-D941-4D4B-B433-8D67CD9A2C71"`
			`}`
			`]`
			`}`
			`]`
			`},`
			`{`
			`"operator": "AND",`
			`"nodes": [`
			`{`
			`"operator": "OR",`
			`"negate": false,`
			`"cpeMatch": [`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:o:hp:poly_tc10_firmware::::::::",`
			`"versionEndExcluding": "6.3.2",`
			`"matchCriteriaId": "BC9FC9F3-5FB5-4E3B-9AF3-72BF90FAC13F"`
			`}`
			`]`
			`},`
			`{`
			`"operator": "OR",`
			`"negate": false,`
			`"cpeMatch": [`
			`{`
			`"vulnerable": false,`
			`"criteria": "cpe:2.3:h:hp:poly_tc10:-:::::::*",`
			`"matchCriteriaId": "5E9083C3-3142-494C-827C-56576ADFCA93"`
			`}`
			`]`
			`}`
			`]`
			`},`
			`{`
			`"operator": "AND",`
			`"nodes": [`
			`{`
			`"operator": "OR",`
			`"negate": false,`
			`"cpeMatch": [`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:o:hp:poly_studio_g7500_firmware::::::::",`
			`"versionEndExcluding": "4.3.2",`
			`"matchCriteriaId": "FCE079BE-F301-4CB3-AEF4-7A1F8BF52F0E"`
			`}`
			`]`
			`},`
			`{`
			`"operator": "OR",`
			`"negate": false,`
			`"cpeMatch": [`
			`{`
			`"vulnerable": false,`
			`"criteria": "cpe:2.3:h:hp:poly_studio_g7500:-:::::::*",`
			`"matchCriteriaId": "C0B27E0D-4C00-42F8-8772-1C0B1D0F64FC"`
			`}`
			`]`
			`}`
			`]`
			`},`
			`{`
			`"operator": "AND",`
			`"nodes": [`
			`{`
			`"operator": "OR",`
			`"negate": false,`
			`"cpeMatch": [`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:o:hp:poly_studio_x30_firmware::::::::",`
			`"versionEndIncluding": "4.3.2",`
			`"matchCriteriaId": "78D5810F-7044-4A7C-81E8-BF05F2163B5A"`
			`}`
			`]`
			`},`
			`{`
			`"operator": "OR",`
			`"negate": false,`
			`"cpeMatch": [`
			`{`
			`"vulnerable": false,`
			`"criteria": "cpe:2.3:h:hp:poly_studio_x30:-:::::::*",`
			`"matchCriteriaId": "58648CB8-9564-4EAB-8049-65B048EF8000"`
			`}`
			`]`
			`}`
			`]`
			`},`
			`{`
			`"operator": "AND",`
			`"nodes": [`
			`{`
			`"operator": "OR",`
			`"negate": false,`
			`"cpeMatch": [`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:o:hp:poly_studio_x50_firmware::::::::",`
			`"versionEndExcluding": "4.3.2",`
			`"matchCriteriaId": "242A2E5D-D761-458E-BA4A-53F8DFF3B0A7"`
			`}`
			`]`
			`},`
			`{`
			`"operator": "OR",`
			`"negate": false,`
			`"cpeMatch": [`
			`{`
			`"vulnerable": false,`
			`"criteria": "cpe:2.3:h:hp:poly_studio_x50:-:::::::*",`
			`"matchCriteriaId": "1424706A-4E51-4513-B962-59E9ABDD71E7"`
			`}`
			`]`
			`}`
			`]`
			`},`
			`{`
			`"operator": "AND",`
			`"nodes": [`
			`{`
			`"operator": "OR",`
			`"negate": false,`
			`"cpeMatch": [`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:o:hp:poly_studio_x70_firmware::::::::",`
			`"versionEndExcluding": "4.3.2",`
			`"matchCriteriaId": "520E74F3-26F8-408C-93AD-516373EACDF1"`
			`}`
			`]`
			`},`
			`{`
			`"operator": "OR",`
			`"negate": false,`
			`"cpeMatch": [`
			`{`
			`"vulnerable": false,`
			`"criteria": "cpe:2.3:h:hp:poly_studio_x70:-:::::::*",`
			`"matchCriteriaId": "8A94CC22-4C6E-4415-9AB3-E0A3EC7BD672"`
			`}`
			`]`
			`}`
			`]`
			`},`
			`{`
			`"operator": "AND",`
			`"nodes": [`
			`{`
			`"operator": "OR",`
			`"negate": false,`
			`"cpeMatch": [`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:o:hp:poly_studio_x52_firmware::::::::",`
			`"versionEndExcluding": "4.3.2",`
			`"matchCriteriaId": "383C1531-70D5-4BB2-AB8D-49D92E661739"`
			`}`
			`]`
			`},`
			`{`
			`"operator": "OR",`
			`"negate": false,`
			`"cpeMatch": [`
			`{`
			`"vulnerable": false,`
			`"criteria": "cpe:2.3:h:hp:poly_studio_x52:-:::::::*",`
			`"matchCriteriaId": "06C69912-7DB0-4510-884B-3FFF7AC6B1FB"`
			`}`
			`]`
			`}`
			`]`
			`},`
			`{`
			`"operator": "AND",`
			`"nodes": [`
			`{`
			`"operator": "OR",`
			`"negate": false,`
			`"cpeMatch": [`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:o:hp:poly_studio_g62_firmware::::::::",`
			`"versionEndExcluding": "4.3.2",`
			`"matchCriteriaId": "5315BF05-1706-4A5B-9A9D-104AEDDC2C5C"`
			`}`
			`]`
			`},`
			`{`
			`"operator": "OR",`
			`"negate": false,`
			`"cpeMatch": [`
			`{`
			`"vulnerable": false,`
			`"criteria": "cpe:2.3:h:hp:poly_studio_g62:-:::::::*",`
			`"matchCriteriaId": "FF7F293C-3F38-40DB-B909-F6E0C32219E0"`
			`}`
			`]`
			`}`
			`]`
			`}`
			`],`
Auto-Update: 2024-11-05T19:00:20.554266+00:00 2024-11-05 19:03:21 +00:00			`"references": [`
			`{`
			`"url": "https://support.hp.com/us-en/document/ish_11536495-11536533-16/hpsbpy03900",`
Auto-Update: 2024-11-08T19:00:24.086080+00:00 2024-11-08 19:03:25 +00:00			`"source": "hp-security-alert@hp.com",`
			`"tags": [`
			`"Vendor Advisory"`
			`]`
Auto-Update: 2024-11-05T19:00:20.554266+00:00 2024-11-05 19:03:21 +00:00			`}`
			`]`
			`}`