Description: We recently conducted a pentest with our network and the following items showed up as vulnerabilities on polycom devices. Please let us know how Ringcentral is addressing the vulnerabilities below:Devices: Polycom VVX 450, Polycom ATA W60P JQuery 1.2 < 3.5.0 Multiple XSS -The remote web server is affected by multiple cross site scripting vulnerability.SSL Version 2 and 3 Protocol Detection - The remote service encrypts traffic using a protocol with known weaknesses.TLS Version 1.0 Protocol Detection-The remote service encrypts traffic using an older version of TLS.SSL Medium Strength Cipher Suites Supported (SWEET32)-The remote service supports the use of medium strength SSL ciphers.SSL Weak Cipher Suites Supported-The remote service supports the use of weak SSL ciphers.SSL RC4 Cipher Suites Supported (Bar Mitzvah)-The remote service supports the use of the RC4 cipher.IP Forwarding Enabled Polycom ATA has IP forwarding enabled.

Security concerns - Vulnerabilities with Polycom devices

Description: We recently conducted a pentest with our network and the following items showed up as vulnerabilities on polycom devices. Please let us know how Ringcentral is addressing the vulnerabilities below:

Devices: Polycom VVX 450, Polycom ATA W60P

JQuery 1.2 < 3.5.0 Multiple XSS -The remote web server is affected by multiple cross site scripting vulnerability.
SSL Version 2 and 3 Protocol Detection - The remote service encrypts traffic using a protocol with known weaknesses.
TLS Version 1.0 Protocol Detection-The remote service encrypts traffic using an older version of TLS.
SSL Medium Strength Cipher Suites Supported (SWEET32)-The remote service supports the use of medium strength SSL ciphers.
SSL Weak Cipher Suites Supported-The remote service supports the use of weak SSL ciphers.
SSL RC4 Cipher Suites Supported (Bar Mitzvah)-The remote service supports the use of the RC4 cipher.
IP Forwarding Enabled Polycom ATA has IP forwarding enabled.

Page 1 / 1

Hi @malvin-belino, please check out this KB Article that may address your concern.
https://support.ringcentral.com/article/Cross-Site-Scripting-Vulnerabilities-Detected-in-Polycom-Phones-RingCentral-Contact-Center.html

This URL is now broken, could anyone please direct me to security setup or instructions on how to change security settings specifically for weak ciphers?

Example of what I am attempting to remediate: nmap scan of YeaLink T46S. Still using weak anonymous ciphers. Would like to correct this, firmware updates seem to fail with latest available.

TLS_ECDH_anon_WITH_AES_128_CBC_SHA (secp256r1) - F

This URL is now broken, could anyone please direct me to security setup or instructions on how to change security settings specifically for weak ciphers?

Example of what I am attempting to remediate: nmap scan of YeaLink T46S. Still using weak anonymous ciphers. Would like to correct this, firmware updates seem to fail with latest available.

TLS_ECDH_anon_WITH_AES_128_CBC_SHA (secp256r1) - F

I will look into this, @AXDXAZ_Systems.

Reply

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded