Polycom is issuing the attached Security Advisory relating to a critical vulnerability discovered on the Polycom HDX Video System.
As discussed in the Security Advisory, Polycom has been made aware of a critical vulnerability in the Polycom shell (psh) functionality on the HDX Video System’s diagnostics port (port tcp/23). This vulnerability could allow a remote attacker to execute arbitrary code on the HDX, which could lead to a compromise of the system.
HDX Vulnerability: Latest update on a security issue identified in our HDX video conferencing system
Polycom has released HDX version 3.1.12 on November 23, 2017. This release is addressing this vulnerability. It can be accessed by clicking here.
Polycom appreciates and values the members of the security research community who find vulnerabilities, bring them to our attention, and work with Polycom in a coordinated effort so that security fixes can be issued to all impacted customers. We would like to thank the independent security researchers at SensePost for discovering this vulnerability and alerting us.
If you have any questions about the vulnerability or our solution or mitigation recommendations, please contact our Polycom Support Group by calling 1-800-POLYCOM or visiting: