HIGHCVE-2026-0754Published 2026-03-03Modified 2026-03-03CNA hp

CVE-2026-0754: SIP Service Providers – Possible Impersonation of Poly Voice Device

An embedded test key and certificate could be extracted from a Poly Voice device using specialized reverse engineering tools. This extracted certificate could be accepted by a SIP service provider if the service provider does not perform proper validation of the device certificate.

CVSS v4.0: 8.2
Severity: HIGH
Fixed in: <PVOS 8.5.0
Affected Products: 3

Fix available

<PVOS 8.5.0<UCS 6.4.8<UCS 8.1.7.c

Affected packages

HP Inc / VVX
< <UCS 6.4.8 (from 0)
HP Inc / Edge E
< <PVOS 8.5.0 (from 0)
HP Inc / Trio 8300
< <UCS 8.1.7.c (from 0)

CVSS Vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:N

References

support.hp.com

Metrics

Fix available