Hello @Bnoon Welcome to the Poly HP Support Community. 

Due to limited support, I would request that you contact HP Support, and our support engineers should be able to sort this out. HP Support can be reached by clicking on the following link:

https://support.hp.com/us-en/poly

Please contact us here anytime you need any further assistance.

I hope this helps! Keep me posted for further assistance. If you find the information provided useful or solves your problems, help other users find the solution more easily by giving Kudos/Thumbs Up and marking my post as an Accepted Solution.

Regards,
Meghana 

Have a great day!

Hello @Bnoon ,

welcome to the HP Poly community.

You would need to contact Genesis as they approve our software. Considering we are already on UC Software 6.4.6 for VVX you are running an outdated release.

The 1st Gen VVX phones have UC Software 5.9.8 as the latest build.

Best Regards

Steffen Baier

Steffen, you mention that first gen VVX phones should be running 5.9.8. Is this a first gen phone since it uses the legacy RFC 1035 host name format of Polycom_<MacAddress>? I have the MAC address of the phone, but I cannot find the serial number in the config web page of the phone anywhere if that's not considered the serial number... that's why I have not opened a case with HP support as of yet. It will not accept the MAC as the serial number to start a case.

Hello @Bnoon 

Legacy VVX is VVX without the 1 in the model name aka VVX 500, 600, etc. and not a current VVX like the VVX 501, 601 etc. The 311 you have is a "current" VVX and not a legacy VVX.

EDIT: legacy can only run a maximum of 5.9.x, current VVX run 6.x.x 

From the FAQ again:

Oct 7, 2011 Question: What PVOS, SIP, or UC, or Obi Edition Software version or Updater / BootROM Version is supported by my Phone?

Resolution: Please check => here <=

I am unsure why you would open a ticket with HP Poly as Genesys needs to approve a currently supported software and not run a year-old software.

Try to upgrade to a currently supported version, re-run the scan, and then work with Genesys support.

Best regards

Steffen Baier

I tried to run the current software but it did not upgrade. When I asked Genesys to update to the latest, they said they're on their latest approved version and asked me to contact Polycom support. I will go back to them with your recommendation to approve the latest version. Thank you.

Can anyone confirm that we should be seeing these jQuery issues on software 6.3.1.11465 though? This software level came out well after those CVE's were supposedly resolved on previous versions of software. I would not expect CVE's resolved in 2020 to still be showing up, but they are...

Hello @Bnoon ,

welcome back to the HP Poly community.

Using a currently supported version you should not see this. UC Software 6.4.6 or for legacy VVX phones 5.9.8 is a supported version.

If you still have a report on these please open a ticket with HP Poly Support. Details are in my signature.

Best Regards

Steffen Baier

I understand that 6.4.6 should not see the jQuery finding. My question is: Should I be seeing the jQuery finding on 6.3.1 that is currently on the phones? From looking at the CVE history, that jQuery finding should have been resolved a few years before 6.3.1 even came out. I've asked Genesys to upgrade their version of software on these phones, but their process takes a long time to go through approvals/trials/etc, and I just need answers at this point to satisfy our security procedures. 

Is there a way to get the serial number from the web interface in order to open a ticket? The MAC address is not allowing me through to open the ticket, and neither is the Part Number.