CVE-2018-14934 Information

Description

The Bluetooth subsystem on Polycom Trio devices with software before 5.5.4 has Incorrect Access Control. An attacker can connect without authentication and subsequently record audio from the device microphone.

CVSS Vector

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Reference

https://support.polycom.com/content/dam/polycom-support/global/documentation/bluetooth-authentication-weakness-trio.pdf

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

NONE

Base Severity

6.5