The remote host is affected by multiple vulnerabilities.
According to its self-reported version number, the firmware installed on the remote host is affected by multiple vulnerabilities : - A command shell authorization bypass vulnerability exists that could be used by a malicious user to gain unauthorized access to the system, which could result in information disclosure. - A command injection vulnerability exists that could allow an authenticated, malicious user to execute arbitrary commands on the system when using the firmware update functionality. - A privilege escalation vulnerability exists that could lead to unauthorized system access and information disclosure. - An H.323 format string vulnerability exists via a maliciously crafted call setup message that could lead to system instability or remote code execution. - A SQL injection vulnerability exists via a maliciously crafted call setup message that could lead to remote code execution. - The Polycom HDX uses a software update process that reads a PUP file containing all of the information and tools needed to properly update the system. A vulnerability has been discovered in the PUP file header MAC signature verification process that could allow a malicious user to extract the components of the PUP file. Note that Nessus has not tested for the issues but has instead relied only on the application's self-reported version number.