Skip to main content

Description: We recently conducted a pentest with our network and the following items showed up as vulnerabilities on polycom devices. Please let us know how Ringcentral is addressing the vulnerabilities below:


Devices: Polycom VVX 450, Polycom ATA W60P


  1. JQuery 1.2 < 3.5.0 Multiple XSS -The remote web server is affected by multiple cross site scripting vulnerability.
  2. SSL Version 2 and 3 Protocol Detection - The remote service encrypts traffic using a protocol with known weaknesses.
  3. TLS Version 1.0 Protocol Detection-The remote service encrypts traffic using an older version of TLS.
  4. SSL Medium Strength Cipher Suites Supported (SWEET32)-The remote service supports the use of medium strength SSL ciphers.
  5. SSL Weak Cipher Suites Supported-The remote service supports the use of weak SSL ciphers.
  6. SSL RC4 Cipher Suites Supported (Bar Mitzvah)-The remote service supports the use of the RC4 cipher.
  7. IP Forwarding Enabled Polycom ATA has IP forwarding enabled.

Hi @malvin-belino, please check out this KB Article that may address your concern.
https://support.ringcentral.com/article/Cross-Site-Scripting-Vulnerabilities-Detected-in-Polycom-Phones-RingCentral-Contact-Center.html


This URL is now broken, could anyone please direct me to security setup or instructions on how to change security settings specifically for weak ciphers? 

 

Example of what I am attempting to remediate: nmap scan of YeaLink T46S. Still using weak anonymous ciphers. Would like to correct this, firmware updates seem to fail with latest available. 

TLS_ECDH_anon_WITH_AES_128_CBC_SHA (secp256r1) - F


This URL is now broken, could anyone please direct me to security setup or instructions on how to change security settings specifically for weak ciphers? 

 

Example of what I am attempting to remediate: nmap scan of YeaLink T46S. Still using weak anonymous ciphers. Would like to correct this, firmware updates seem to fail with latest available. 

TLS_ECDH_anon_WITH_AES_128_CBC_SHA (secp256r1) - F

I will look into this, ​@AXDXAZ_Systems.


Reply