Description: We recently conducted a pentest with our network and the following items showed up as vulnerabilities on polycom devices. Please let us know how Ringcentral is addressing the vulnerabilities below:Devices: Polycom VVX 450, Polycom ATA W60P JQuery 1.2 < 3.5.0 Multiple XSS -The remote web server is affected by multiple cross site scripting vulnerability.SSL Version 2 and 3 Protocol Detection - The remote service encrypts traffic using a protocol with known weaknesses.TLS Version 1.0 Protocol Detection-The remote service encrypts traffic using an older version of TLS.SSL Medium Strength Cipher Suites Supported (SWEET32)-The remote service supports the use of medium strength SSL ciphers.SSL Weak Cipher Suites Supported-The remote service supports the use of weak SSL ciphers.SSL RC4 Cipher Suites Supported (Bar Mitzvah)-The remote service supports the use of the RC4 cipher.IP Forwarding Enabled Polycom ATA has IP forwarding enabled.

Question

Security concerns - Vulnerabilities with Polycom devices

Forum|Forum|4 years ago
June 9, 2021
3 replies
1144 views

malvin-belino
New Participant

Description: We recently conducted a pentest with our network and the following items showed up as vulnerabilities on polycom devices. Please let us know how Ringcentral is addressing the vulnerabilities below:

Devices: Polycom VVX 450, Polycom ATA W60P

JQuery 1.2 < 3.5.0 Multiple XSS -The remote web server is affected by multiple cross site scripting vulnerability.
SSL Version 2 and 3 Protocol Detection - The remote service encrypts traffic using a protocol with known weaknesses.
TLS Version 1.0 Protocol Detection-The remote service encrypts traffic using an older version of TLS.
SSL Medium Strength Cipher Suites Supported (SWEET32)-The remote service supports the use of medium strength SSL ciphers.
SSL Weak Cipher Suites Supported-The remote service supports the use of weak SSL ciphers.
SSL RC4 Cipher Suites Supported (Bar Mitzvah)-The remote service supports the use of the RC4 cipher.
IP Forwarding Enabled Polycom ATA has IP forwarding enabled.

+3

Mary-Community_Moderator
Community Manager
Forum|Forum|4 years ago
June 9, 2021

Hi @malvin-belino, please check out this KB Article that may address your concern.
https://support.ringcentral.com/article/Cross-Site-Scripting-Vulnerabilities-Detected-in-Polycom-Phones-RingCentral-Contact-Center.html

Like

A

AXDXAZ_Systems
The First Step
Forum|Forum|1 year ago
February 25, 2025

This URL is now broken, could anyone please direct me to security setup or instructions on how to change security settings specifically for weak ciphers?

Example of what I am attempting to remediate: nmap scan of YeaLink T46S. Still using weak anonymous ciphers. Would like to correct this, firmware updates seem to fail with latest available.

TLS_ECDH_anon_WITH_AES_128_CBC_SHA (secp256r1) - F

Like

+3

Mary-Community_Moderator
Community Manager
Forum|Forum|1 year ago
February 25, 2025

This URL is now broken, could anyone please direct me to security setup or instructions on how to change security settings specifically for weak ciphers?

Example of what I am attempting to remediate: nmap scan of YeaLink T46S. Still using weak anonymous ciphers. Would like to correct this, firmware updates seem to fail with latest available.

TLS_ECDH_anon_WITH_AES_128_CBC_SHA (secp256r1) - F

I will look into this, @AXDXAZ_Systems.

Like

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded