• ×
    Information
    Need Windows 11 help?
    Check documents on compatibility, FAQs, upgrade information and available fixes.
    Windows 11 Support Center.
  • post a message
  • ×
    Information
    Need Windows 11 help?
    Check documents on compatibility, FAQs, upgrade information and available fixes.
    Windows 11 Support Center.
  • post a message
Guidelines
The Poly Phones Knowledge Base is live! We look forward to helping you with common issues and troubleshooting advice!
Locked

‎06-26-2024 08:04 AM

HP Recommended

We're seeing an old jquery version of 1.4.4 getting hit with CVE-2020-11022 and CVE-2020-11023 on network scans with our Polycom VVX311 phones, currently at software level 6.3.1.11465. Everything that I have found shows that these vulnerabilities were resolved in earlier versions of software such as 5.9.x.x. Genesys Cloud support shows that this is their latest approved version of your software, so I cannot currently update the phone manually to any other version. Should 6.3.1.11465 show this version of jQuery? Where do I go from here?

13 REPLIES 13

‎06-26-2024 08:39 AM

HP Recommended

Hello @Bnoon Welcome to the Poly HP Support Community. 

 

Due to limited support, I would request that you contact HP Support, and our support engineers should be able to sort this out. HP Support can be reached by clicking on the following link:

https://support.hp.com/us-en/poly

  

Please contact us here anytime you need any further assistance.

 

I hope this helps! Keep me posted for further assistance. If you find the information provided useful or solves your problems, help other users find the solution more easily by giving Kudos/Thumbs Up and marking my post as an Accepted Solution.

 

Regards,
Meghana 

Have a great day!

Was this reply helpful? Yes No

‎06-26-2024 09:17 AM

HP Recommended

Hello @Bnoon ,

 

welcome to the HP Poly community.

 

You would need to contact Genesis as they approve our software. Considering we are already on UC Software 6.4.6 for VVX you are running an outdated release.

 

The 1st Gen VVX phones have UC Software 5.9.8 as the latest build.

 

Best Regards

 

Steffen Baier

------------------------------------------------
Notice: I am an HP Poly employee but all replies within the community are done as a volunteer outside of my day role. This community forum is not an official HP Poly support resource, thus responses from HP Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge.
If you need immediate and/or official assistance for former Poly\Plantronics\Polycom please open a service ticket through your support channels
For HP products please check HP Support.

Please also ensure you always check the General VoIP , Video Endpoint , UC Platform (Microsoft) , PSTN
Was this reply helpful? Yes No

‎06-26-2024 09:29 AM

HP Recommended

Steffen, you mention that first gen VVX phones should be running 5.9.8. Is this a first gen phone since it uses the legacy RFC 1035 host name format of Polycom_<MacAddress>? I have the MAC address of the phone, but I cannot find the serial number in the config web page of the phone anywhere if that's not considered the serial number... that's why I have not opened a case with HP support as of yet. It will not accept the MAC as the serial number to start a case.

Was this reply helpful? Yes No

‎06-26-2024 09:52 AM - edited ‎06-26-2024 09:54 AM

HP Recommended

Hello @Bnoon 

 

Legacy VVX is VVX without the 1 in the model name aka VVX 500, 600, etc. and not a current VVX like the VVX 501, 601 etc. The 311 you have is a "current" VVX and not a legacy VVX.

 

EDIT: legacy can only run a maximum of 5.9.x, current VVX run 6.x.x 

 

From the FAQ again:

 

Oct 7, 2011 Question: What PVOS, SIP, or UC, or Obi Edition Software version or Updater / BootROM Version is supported by my Phone?

Resolution: Please check => here <=

 

I am unsure why you would open a ticket with HP Poly as Genesys needs to approve a currently supported software and not run a year-old software.

 

Try to upgrade to a currently supported version, re-run the scan, and then work with Genesys support.

 

Best regards

 

Steffen Baier

------------------------------------------------
Notice: I am an HP Poly employee but all replies within the community are done as a volunteer outside of my day role. This community forum is not an official HP Poly support resource, thus responses from HP Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge.
If you need immediate and/or official assistance for former Poly\Plantronics\Polycom please open a service ticket through your support channels
For HP products please check HP Support.

Please also ensure you always check the General VoIP , Video Endpoint , UC Platform (Microsoft) , PSTN
Was this reply helpful? Yes No

‎06-26-2024 10:15 AM

HP Recommended

I tried to run the current software but it did not upgrade. When I asked Genesys to update to the latest, they said they're on their latest approved version and asked me to contact Polycom support. I will go back to them with your recommendation to approve the latest version. Thank you.

Was this reply helpful? Yes No

‎07-01-2024 08:35 AM

HP Recommended

Can anyone confirm that we should be seeing these jQuery issues on software 6.3.1.11465 though? This software level came out well after those CVE's were supposedly resolved on previous versions of software. I would not expect CVE's resolved in 2020 to still be showing up, but they are...

Was this reply helpful? Yes No

‎07-01-2024 08:58 AM

HP Recommended

Hello @Bnoon ,

 

welcome back to the HP Poly community.

 

Using a currently supported version you should not see this. UC Software 6.4.6 or for legacy VVX phones 5.9.8 is a supported version.

If you still have a report on these please open a ticket with HP Poly Support. Details are in my signature.

 

Best Regards

 

Steffen Baier

------------------------------------------------
Notice: I am an HP Poly employee but all replies within the community are done as a volunteer outside of my day role. This community forum is not an official HP Poly support resource, thus responses from HP Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge.
If you need immediate and/or official assistance for former Poly\Plantronics\Polycom please open a service ticket through your support channels
For HP products please check HP Support.

Please also ensure you always check the General VoIP , Video Endpoint , UC Platform (Microsoft) , PSTN
Was this reply helpful? Yes No

‎07-03-2024 06:23 AM

HP Recommended

I understand that 6.4.6 should not see the jQuery finding. My question is: Should I be seeing the jQuery finding on 6.3.1 that is currently on the phones? From looking at the CVE history, that jQuery finding should have been resolved a few years before 6.3.1 even came out. I've asked Genesys to upgrade their version of software on these phones, but their process takes a long time to go through approvals/trials/etc, and I just need answers at this point to satisfy our security procedures. 

Was this reply helpful? Yes No

‎07-03-2024 06:34 AM - edited ‎07-24-2024 01:12 PM

HP Recommended

Is there a way to get the serial number from the web interface in order to open a ticket? The MAC address is not allowing me through to open the ticket, and neither is the Part Number. 

Bnoon_0-1721848370150.png

 

 

Was this reply helpful? Yes No
† The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.
Didn't find what you were looking for? Ask the community
† The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the <a href="https://www8.hp.com/us/en/terms-of-use.html" class="udrlinesmall">Terms of Use</a> and <a href="/t5/custom/page/page-id/hp.rulespage" class="udrlinesmall"> Rules of Participation</a>.