As of August 29, 2022, HP Inc. completed the acquisition of Poly. For HP product support, please visit the HP Customer Support site.
Vulnerability Summary
A vulnerability in OpenSSL could allow a remote attacker to expose sensitive data, possibly including user authentication credentials and secret keys, through incorrect memory handling in the TLS heartbeat extension.
Details
CVE 2014-0160
Through exploiting the heartbeat feature in OpenSSL versions 1.0.1 through 1.0.1f, an attacker can capture memory from the host 64k at a time. Successive 64k sections of memory can be captured until the attacker has captured the desired data. This could include, at worst case, a copy of the server’s private key.
Published
Last Update: 3/4/2022
Initial Public Release: 4/9/2014
Advisory ID: PLYGN14-01
CVE ID: CVE-2014-0160
CVSS Score: 7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Product Affected
| Managed Applications | Version | Vulnerable | Notes |
|---|---|---|---|
| CMA | All | Not Vulnerable | |
| RealPresence Distributed Media Application (DMA) | All | Not Vulnerable | |
| RealPresence Resource Manager (RPRM) | All | Not Vulnerable | |
| RealPresence Video DualManager 400 (RPDM) | All | Not Vulnerable | |
| RealPresence Platform Suite (SoftRPP) | All | Not Vulnerable |
Product Affected
| Telepresence Rooms | Version | Status | Notes |
|---|---|---|---|
| VSX Series | All | Not Vulnerable | |
| HDX Series | 3.0.x and Older Versions | Not Vulnerable | |
| HDX Series | 3.1.x and Greater Versions | Vulnerable | Fixed in version 3.1.3.2 |
| HDX Series | 3.1.3.2 | Not Vulnerable | Fixes earlier 3.x vulnerabile versions - not currently recommended for CMS/Halo |
| QDX 6000 | All | Not Vulnerable | |
| RealPresence Group Series | All | Vulnerable | 4.1.3.2 fixes all 4.1.x versions 4.0.2.2 fixes all 4.0.x versions |
| RealPresence Group Series | 4.0.2.2 | Not Vulnerable | 4.0.2.2 fixes all 4.0.x versions |
| RealPresence Group Series | 4.1.3.2 | Not Vulnerable | 4.1.3.2 fixes all 4.1.x versions |
Product Affected
| Immersive Telepresence | Version | Status | Notes |
|---|---|---|---|
| ITP | 2.7.1 | Not Vulnerable | Uses HDX 2.6.1.3_itp271-5267 |
| ITP | 3.0.1 | Not Vulnerable | Uses HDX 3.0.1-10628 |
| ITP | 3.0.2 | Not Vulnerable | Uses HDX 3.0.2-11176 |
| ITP | 3.0.3 | Not Vulnerable | Uses HDX 3.0.3-14451 |
| ITP | 3.0.5 | Not Vulnerable | Uses HDX 3.0.5-22695 |
| ITP | 3.1 | Vulnerable | Fixed by HDX 3.1.3.2 |
| ITP | 3.1.2 | Vulnerable | Fixed by HDX 3.1.3.2 |
| ITP | 3.1.3 | Vulnerable | Fixed by HDX 3.1.3.2 |
| ITP with HDX (ATX, OTX, RPX, TPX) | See HDX Section for any fixes | ||
| ITP with Group Series (Immersive Studio) | See Group Series Section for any fixes | ||
| RPIS | 4.1.2 | Vulnerable | Fixed by Group Series 4.1.3.2 |
| RPIS | 4.1.3 | Vulnerable | Fixed by Group Series 4.1.3.2 |
| CMS/Halo | All | Vulnerable | HDX and RMX are the only vulnerable components |
Product Affected
| Desktop & Mobile Video Conferencing | Version | Status | Notes |
|---|---|---|---|
| RealPresence Desktop | All Versions | All Versions | |
| RealPresence Mobile | All Versions | All Versions | |
| CMA Desktop | All Versions | All Versions |
Product Affected
| RealPresence Collaboration Server 1500, 1800, 2000 and 4000 (RMX) | Version | Status | Notes |
|---|---|---|---|
| RMX | All verison prior to 8.1 | Not Vulnerable | |
| RMX | 8.1.4.x | Vulnerable | Fixed with hotfix 8.1.7.37.022.543.002 |
| RMX | 8.1.7.x | Vulnerable | Fixed with hotfix 8.1.7.37.022.543.002 |
| RMX | 8.2.x | Vulnerable | Fixed with hotfix 8.2.0.85.13.544.002 |
| RMX | 8.3.x | Vulnerable | New 8.3.0.246 fix replaces 8.3.0.245.477.003 |
| RMX | 8.2.0.85.13.544.002 | Not Vulnerable | Fixes 8.2.x |
| RMX | 8.3.0.245.477.003 (Hot fix) | Not Vulnerable | Expired fix for 8.3.x |
| RMX | 8.3.0.246 | Not Vulnerable | Fix for 8.3.x |
| MGC-25, MGC-50, MGC-100 | All | Not Vulnerable | |
| RealPresence Collaboration Server, Virtual Edition (SoftMC) | 8.3.x | Not Vulnerable | |
| S4GW Serial Gateway for RMX | All | Not Vulnerable |
Product Affected
| Media Capture & Sharing | Version | Status | Notes |
|---|---|---|---|
| Recording and Streaming Server (RSS) 4000 | All Version | Not Vulnerable | |
| Recording and Streaming Server (RSS) 2000 | All Version | Not Vulnerable | |
| RealPresence Capture Server | All Versions | Not Vulnerable | |
| RealPresence Capture Station Pro | All Versions | Not Vulnerable | |
| RealPresence Capture Station Portable Pro | All Versions | Not Vulnerable | |
| RealPresence Media Manager | All Versions | Not Vulnerable | |
| Media Editor | All Versions | Not Vulnerable | |
| CSS Client | All Versions | Not Vulnerable | |
| CSS Server | All Versions | Not Vulnerable |
Product Affected
| Firewall Traversal & Security | Version | Status | Notes |
|---|---|---|---|
| Video Border Proxy (VBP) E & ST Series | 11.1x | Not Vulnerable | |
| Video Border Proxy (VBP) E & ST Series | 11.2.11 - Hot fix | Not Vulnerable | |
| Video Border Proxy (VBP) E & ST Series | 11.2.12 - GA | Vulnerable | Fixed with version 11.2.17 |
| Video Border Proxy (VBP) E & ST Series | 11.2.16 - GA | Vulnerable | Fixed with version 11.2.17 |
| Video Border Proxy (VBP) E & ST Series | 11.2.17 | Not Vulnerable | Fixes earlier vulnerable versions |
| RealPresence Access Director (RPAD) | All Version | Not Vulnerable |
Product Affected
| CloudAXIS | Version | Status | Notes |
|---|---|---|---|
| CloudAXIS MEA (Web Experience Portal) | All Versions | Not Vulnerable | |
| CloudAXIS WSP (Web Service Portal) | All Versions | Not Vulnerable | |
| RealPresence Platform Director | All Versions | Not Vulnerable |
Product Affected
| Desktop Video & Voice Solutions | Version | Status | Notes |
|---|---|---|---|
| SoundPoint, SoundStation, SoundStructure, VVX, (VoIP Interface) Families | All Versions 4.0.x | Not Vulnerable | |
| SoundPoint, SoundStation, VVX Families | UCS 3.3.0.1098 rts 35 - UCS 3.3.4.0085 rts 6 |
Not Vulnerable | |
| SoundPoint, SoundStation, VVX Families | SIP 3.2.0 rts 44- SIP 3.2.7.0198 rts 10 |
Not Vulnerable | |
| SoundPoint, SoundStation, and SoundStructure (VoIP Interface) Families | UCS 4.1.0.84959 rts 421 - UCS 4.1.6.4835 rts 50 |
Vulnerable & Fixed | UCS 4.1.6 patch fix delivered, UCS 5.0.2 patch fix delivered, UCS 4.1.0 patch fix delivered, UCS 5.1.0 patch fix delivered, UCS 4.1.7 patch fix delivered |
| VVX and SoundStructure (VoIP Interface) Families | UCS 4.1.3.7864 rts 21G - UCS 5.0.1.7396 rts 56 Q |
Vulnerable & Fixed | UCS 4.1.6 patch fix delivered, UCS 5.0.2 patch fix delivered, UCS 4.1.0 patch fix delivered, UCS 5.1.0 patch fix delivered, UCS 4.1.7 patch fix delivered |
| Zero Touch Provisioning Solution - ZTP (User Portal) | N/A | Not Vulnerable | Fixed as of April 11, 2014 |
| Unified Conference & Collaboration Stations CX100, CX300, CX500, CX600, CX3000 |
All | Not Vulnerable |
Product Affected
| Accessories | Version | Status | Notes |
|---|---|---|---|
| TouchControl (PTC) | All | Not Vulnerable | |
| People + Content IP (PP CIP) | All | Not Vulnerable |
Solution
As fixes become available for a given product, that information will appear in this bulletin in subsequent releases. Polycom will continue updating this bulletin until all fixes are in place. Polycom recommends that users of any Polycom product listed in the table above as being vulnerable update to the “FIXED” version of their product as soon as such a version becomes available.
Workaround
At this time, many affected products have older versions to which you can temporarily regress (install older version). If you can temporarily run an older product version, this is recommended.
For some products, mitigations exist solely in the realm of controlling the presence of encrypted traffic on any system that uses a vulnerable version of OpenSSL. Basic suggestions at this time are to:
- Place the Polycom product behind a firewall whenever possible, such that outsiders do not have access to ports used by OpenSSL on the device (usually only HTTPS, but sometimes other protocols that use TLS such as secure LDAP or secure SIP are involved).
- Turn off any services that use OpenSSL (if relevant) if at all possible. When new fixes become available, new certificates can be issued for your system, thus occluding any knowledge an attacker might have gained with regards to your old encryption certificates or keys.
For the voice products currently listed as vulnerable, a mitigation specific to these products is available: Set your httpd.enabled flag to = 0 (zero). This disables web access of all kinds, and blocks known heartbeat vectors into the system.
Contact
Any customer using an affected system who is concerned about this vulnerability within their deployment should contact Poly Technical Support – (888) 248-4143, (916) 928-7561, or visit the Poly Support Site.
Revision History
| VERSION | DATE | DESCRIPTION |
|---|---|---|
| 1.0 | 4/9/2014 | Initial Release |
| 1.1 | 4/10/2014 | More detail for more products andfirst estimates for fix dates. Improved mitigation detail. |
| 1.2 | 4/14/2014 | More products, better detail, betterlistings for affected members of Soundpoint family. |
| 1.3 | 4/14/2014 | Product list condensation (“versionsolder than”). HDX and Group Series fix date estimates published. Incorrectmitigation advice for RMX posted. |
| 1.4 | 4/15/2014 | More condensation and accuracy.Mitigation advice removed from RMX. |
| 1.5 | 4/17/2014 | RMX estimate for fix date, HDX fixdate estimate moved in, mitigation for those members of Soundpoint familyaffected. |
| 1.6 | 4/18/2014 | Added UCS fix dates for the affectedVVX, Soundstation, Soundstructure systems. Added new language at the top and bottom of the document reminding that it is aliving doc, updates of which can be found on Polycom’s website |
| 1.7 | 4/22/2014 | New formatting, fix announcements forHDX and RMX, condensed table format |
| 1.8 | 4/26/2014 | Group Series fix announced. Moredetail for RMX fixes for older versions. Added PPCIP. Note about ITP and HDXfix. Changed dates on UCS phones. |
| 1.9 | 4/28/2014 | Clarification on HDX/ITP and HDX/CMS,Fixes for many of the UCS phones, CMS/Halo & S4GW added as their ownitems. |
| 1.10 | 5/6/2014 | RMX 8.2, Group Series 4.0, RPIS |
| 1.11 | 5/15/2014 | All RMX fixes finalized, RMX 8.3 fixreplaced with new RMX 8.3 fix. One more set of phone fixes has arrived. |
| 1.12 | 6/5/2014 | Final version – UCS 4.0.x clarifiedand UCS 4.1.7 listed as fixed |
| 2.0 | 3/4/2022 | Format Changes |
©2022 Plantronics, Inc. All rights reserved.
Trademarks
Poly, the propeller design, and the Poly logo are trademarks of Plantronics, Inc. All other trademarks are property of their respective owners. No portion hereof may be reproduced or transmitted in any form or by any means, for any purpose other than the recipient's personal use, without the express written permission of Poly.
Disclaimer
While Poly uses reasonable efforts to include accurate and up-to-date information in this document, Poly makes no warranties or representations as to its accuracy. Poly assumes no liability or responsibility for any typographical errors, out of date information, or any errors or omissions in the content of this document. Poly reserves the right to change or update this document at any time. Individuals are solely responsible for verifying that they have and are using the most recent Technical Bulletin.
Limitation of Liability
Poly and/or its respective suppliers make no representations about the suitability of the information contained in this document for any purpose. Information is provided "as is" without warranty of any kind and is subject to change without notice. The entire risk arising out of its use remains with the recipient. In no event shall Poly and/or its respective suppliers be liable for any direct, consequential, incidental, special, punitive, or other damages whatsoever (including without limitation, damages for loss of business profits, business interruption, or loss of business information), even if Poly has been advised of the possibility of such damages.