Skip to main content
To homepage To homepage
Question

Security concerns - Vulnerabilities with Polycom devices

M

Description: We recently conducted a pentest with our network and the following items showed up as vulnerabilities on polycom devices. Please let us know how Ringcentral is addressing the vulnerabilities below:


Devices: Polycom VVX 450, Polycom ATA W60P


  1. JQuery 1.2 < 3.5.0 Multiple XSS -The remote web server is affected by multiple cross site scripting vulnerability.
  2. SSL Version 2 and 3 Protocol Detection - The remote service encrypts traffic using a protocol with known weaknesses.
  3. TLS Version 1.0 Protocol Detection-The remote service encrypts traffic using an older version of TLS.
  4. SSL Medium Strength Cipher Suites Supported (SWEET32)-The remote service supports the use of medium strength SSL ciphers.
  5. SSL Weak Cipher Suites Supported-The remote service supports the use of weak SSL ciphers.
  6. SSL RC4 Cipher Suites Supported (Bar Mitzvah)-The remote service supports the use of the RC4 cipher.
  7. IP Forwarding Enabled Polycom ATA has IP forwarding enabled.

    3 replies

    Mary-Community_Moderator
    Community Manager
    Forum|alt.badge.img

    Hi @malvin-belino, please check out this KB Article that may address your concern.
    https://support.ringcentral.com/article/Cross-Site-Scripting-Vulnerabilities-Detected-in-Polycom-Phones-RingCentral-Contact-Center.html

    A

    This URL is now broken, could anyone please direct me to security setup or instructions on how to change security settings specifically for weak ciphers? 

     

    Example of what I am attempting to remediate: nmap scan of YeaLink T46S. Still using weak anonymous ciphers. Would like to correct this, firmware updates seem to fail with latest available. 

    TLS_ECDH_anon_WITH_AES_128_CBC_SHA (secp256r1) - F

    Mary-Community_Moderator
    Community Manager
    Forum|alt.badge.img
    AXDXAZ_Systems wrote:

    This URL is now broken, could anyone please direct me to security setup or instructions on how to change security settings specifically for weak ciphers? 

     

    Example of what I am attempting to remediate: nmap scan of YeaLink T46S. Still using weak anonymous ciphers. Would like to correct this, firmware updates seem to fail with latest available. 

    TLS_ECDH_anon_WITH_AES_128_CBC_SHA (secp256r1) - F

    I will look into this, ​@AXDXAZ_Systems.

    A
    1 person likes this
    • A
      AXDXAZ_Systems

    Reply


    Most helpful members this week

    Terms & ConditionsCookie settings

    Cookie policy

    We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

     
    Cookie settings
    PRODUCTS
    RingEX
    Message
    Video
    Phone
    OPEN ECOSYSTEM
    Developer Platform
    APIs
    Integrated Apps
    App Gallery
    Developer support
    Games and rewards

    RESOURCES
    Resource center
    Blog
    Product Releases
    Accessibility
    QUICK LINKS
    App Download
    RingCentral App login
    Admin Portal Login
    Contact Sales
    © 1999-2024 RingCentral, Inc. All rights reserved. Privacy Notice