Browse all 8 CVE security advisories affecting Poly. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Poly is a video conferencing and communication platform primarily used for business meetings and remote collaboration. Historically, it has been susceptible to multiple remote code execution, cross-site scripting, and privilege escalation vulnerabilities, with 8 CVEs documented. Security researchers have identified authentication bypass flaws and insecure default configurations as recurring issues. In 2022, a critical RCE vulnerability (CVE-2022-24112) allowed unauthenticated attackers to execute arbitrary code on affected systems. The platform's complex attack surface and frequent updates contribute to ongoing security challenges, requiring organizations to maintain rigorous patch management and network segmentation to mitigate potential exploitation risks.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2023-4465 | Poly VVX 601 Configuration File Import unverified password change — Trio 8300CWE-620 | 2.7 | Low | 2023-12-29 |
| CVE-2023-4464 | Poly VVX 601 Diagnostic Telnet Mode os command injection — Trio 8300CWE-78 | 7.2 | High | 2023-12-29 |
| CVE-2023-4462 | Poly VVX 601 Web Configuration Application random values — Trio 8300CWE-330 | 3.7 | Low | 2023-12-29 |
This page lists every published CVE security advisory associated with Poly. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.