Re: Polycom VVX jquery vulnerability on network security sca... - HP Support Community

Anonymous · ‎06-04-2020

I have several Polycom VVX 300 and 310 phones installed at my customer's site. They recently did a network security scan and the phones are being flagged with a JQuery vulnerability. I have looked into the phones settings and researched the internet but I cannot seem to find a way to disable this so it no longer shows up on the scan.

The phones are firmware 5.8.0.12848. They are connecting to ReInvent Cloud service.

I have attached a screen shot of the scan message they are getting about the phones.

Any help on this is appreciated.

Thanks

SteffenBaierUK · ‎06-04-2020

Hello @JPeck ,

Welcome to the Poly Community.

UC Software 5.8.0 is no longer supported. Please upgrade to UC Software 5.9.6 and re-test.

Please ensure to provide some feedback if this reply has helped you so other users can profit from your experience.

Best Regards

Steffen Baier

------------------------------------------------
Notice: I am an HP Poly employee but all replies within the community are done as a volunteer outside of my day role. This community forum is not an official HP Poly support resource, thus responses from HP Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge.
If you need immediate and/or official assistance for former Poly\Plantronics\Polycom please open a service ticket through your support channels
For HP products please check HP Support.

Please also ensure you always check the General VoIP , Video Endpoint , UC Platform (Microsoft) , PSTN

Anonymous · ‎06-29-2021

We are seeing this same issue on version 6.3.1.

Is there any other update to this?

SteffenBaierUK · ‎06-30-2021

Hello @crowda and @JPeck ,

Welcome to the Poly Community.

JQuery CVE-2020-11022 should be fixed in the following builds:

UCS 5.9.7 (planned for ~ Mid August subject to change)
UCS 6.1.3 No ETA so far
UCS 6.2.2 No ETA so far
UCS 6.3.2 No ETA so far
UCS 6.4.0 Release >here<

Please ensure to provide some feedback if this reply has helped you so other users can profit from your experience.

Best Regards

Steffen Baier

------------------------------------------------
Notice: I am an HP Poly employee but all replies within the community are done as a volunteer outside of my day role. This community forum is not an official HP Poly support resource, thus responses from HP Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge.
If you need immediate and/or official assistance for former Poly\Plantronics\Polycom please open a service ticket through your support channels
For HP products please check HP Support.

Please also ensure you always check the General VoIP , Video Endpoint , UC Platform (Microsoft) , PSTN

Anonymous · ‎06-30-2021

was there a security bulletin that we missed?

SteffenBaierUK · ‎06-30-2021

Hello @mwiater ,

Welcome to the Poly Community.

All published security alerts can be found >here<

Please ensure to provide some feedback if this reply has helped you so other users can profit from your experience.

Best Regards

Steffen Baier

------------------------------------------------
Notice: I am an HP Poly employee but all replies within the community are done as a volunteer outside of my day role. This community forum is not an official HP Poly support resource, thus responses from HP Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge.
If you need immediate and/or official assistance for former Poly\Plantronics\Polycom please open a service ticket through your support channels
For HP products please check HP Support.

Please also ensure you always check the General VoIP , Video Endpoint , UC Platform (Microsoft) , PSTN

Polycom VVX jquery vulnerability on network security scan

Create an account on the HP Community to personalize your profile and ask a question