Poly Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

vulnerability cipher suites on Polycom IP Phones SoundStation Duo

SOLVED
Go to solution
imbc00
Occasional Visitor
‎12-02-2021 11:04 PM
‎12-02-2021 11:04 PM

vulnerability cipher suites on Polycom IP Phones SoundStation Duo

hi,

I have an issue with DES cipher vulnerability. I tried to update the config following this kb cipher suites kb . but could not resolve the issue. my IP Phone doesn't have an option to select the minimum TLS version and this vulnerability affected my 8pcs Polycom SoundStation Duo. also I tried to update the firmware to 4.1.1.0934 it has no effect.

 

the question: how to fix this Vulnerabilities?

 

this is my cipher suites configuration:

ALL:!DH:!LOW:!EXP:!MD5:!DES:@STRENGTH

imbc00_0-1638515536682.png

 

 

 

 

Phone Information
Phone ModelSoundStation Duo
Part Number3111-19000-001 Rev:F
MAC Address00:04:F2:F4:13:B0
UC Software Version4.0.7.4180
BootROM Software Version5.0.7.1284

 

test result after updated the config:

 

 

Starting Nmap 6.40 ( http://nmap.org ) at 2021-12-03 14:48 +08
Nmap scan report for X.X.X.X
Host is up (0.0036s latency).
Not shown: 997 closed ports
PORT     STATE SERVICE
80/tcp   open  http
443/tcp  open  https
| ssl-enum-ciphers:
|   SSLv3:
|     ciphers:
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA - strong
|       TLS_RSA_WITH_AES_128_CBC_SHA - strong
|       TLS_RSA_WITH_AES_256_CBC_SHA - strong
|       TLS_RSA_WITH_DES_CBC_SHA - weak
|       TLS_RSA_WITH_RC4_128_MD5 - strong
|       TLS_RSA_WITH_RC4_128_SHA - strong
|     compressors:
|       NULL
|   TLSv1.0:
|     ciphers:
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA - strong
|       TLS_RSA_WITH_AES_128_CBC_SHA - strong
|       TLS_RSA_WITH_AES_256_CBC_SHA - strong
|       TLS_RSA_WITH_DES_CBC_SHA - weak
|       TLS_RSA_WITH_RC4_128_MD5 - strong
|       TLS_RSA_WITH_RC4_128_SHA - strong
|     compressors:
|       NULL
|_  least strength: weak
5060/tcp open  sip

 

 

 

 

 

 

 

thanks in advance

regards,

bc

Message 1 of 3
0 Kudos
Reply
1 ACCEPTED SOLUTION

Accepted Solutions
SteffenBaierUK
Polycom Employee & Community Manager Polycom Employee & Community Manager
Polycom Employee & Community Manager
‎12-03-2021 02:34 AM
‎12-03-2021 02:34 AM

Re: vulnerability cipher suites on Polycom IP Phones SoundStation Duo

Hello @imbc00 ,

 

Welcome to the Poly Community.

 

If you are not using Microsoft Lync or Skype for Business on-premise UC Software 4.1.1 is not a supported software for your device.

 

The device, if used in openSIP has the latest Software 4.0.15

 

Please upgrade to this build and follow the quoted Knova article on how to add the configuration and if this still fails please provide us with a backup of the configuration.

 

The above is all outlined in the FAQ

 

Please ensure to provide some feedback if this reply has helped you so other users can profit from your experience.

Best Regards

Steffen Baier

 

----------------

If official support is required please check how to phone or open a case here

----------------
The title Poly Employee & Community Manager is a community setting and does not reflect my role. I am just a simple volunteer in the community like everybody else. All posts and words are my own & do not represent the views of Employer.

----------------

Notice: This community forum is not an official Poly support resource, thus responses from Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge. If you need immediate and/or official assistance please open a service ticket through your proper support channels.
Please also ensure you always check the VoIP , Video Endpoint , Skype for Business , PSTN or RPM FAQ's

View solution in original post

Message 2 of 3
Reply
2 REPLIES 2
SteffenBaierUK
Polycom Employee & Community Manager Polycom Employee & Community Manager
Polycom Employee & Community Manager
‎12-03-2021 02:34 AM
‎12-03-2021 02:34 AM

Re: vulnerability cipher suites on Polycom IP Phones SoundStation Duo

Hello @imbc00 ,

 

Welcome to the Poly Community.

 

If you are not using Microsoft Lync or Skype for Business on-premise UC Software 4.1.1 is not a supported software for your device.

 

The device, if used in openSIP has the latest Software 4.0.15

 

Please upgrade to this build and follow the quoted Knova article on how to add the configuration and if this still fails please provide us with a backup of the configuration.

 

The above is all outlined in the FAQ

 

Please ensure to provide some feedback if this reply has helped you so other users can profit from your experience.

Best Regards

Steffen Baier

 

----------------

If official support is required please check how to phone or open a case here

----------------
The title Poly Employee & Community Manager is a community setting and does not reflect my role. I am just a simple volunteer in the community like everybody else. All posts and words are my own & do not represent the views of Employer.

----------------

Notice: This community forum is not an official Poly support resource, thus responses from Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge. If you need immediate and/or official assistance please open a service ticket through your proper support channels.
Please also ensure you always check the VoIP , Video Endpoint , Skype for Business , PSTN or RPM FAQ's
Message 2 of 3
Reply
imbc00
Occasional Visitor
‎12-06-2021 09:40 PM
‎12-06-2021 09:40 PM

Re: vulnerability cipher suites on Polycom IP Phones SoundStation Duo

hi,

 

thanks for your advice, after updating the firmware to 4.0.15 and updating the config as per the KB ,now it's resolved the issue.

 

imbc00_1-1638855498870.png

thank you

 

regards,

BC

Message 3 of 3
0 Kudos
Reply