vulnerability cipher suites on Polycom IP Phones SoundStation Duo

SOLVED
imbc00
Occasional Visitor

Hi,

I have an issue with a DES cipher vulnerability. I tried to update the config following this KB (cipher suites KB) but could not resolve the issue. My IP phone doesn't have an option to select the minimum TLS version, and this vulnerability affects my 8 Polycom SoundStation Duo units. I also tried to update the firmware to 4.1.1.0934; it had no effect.

The question: how do I fix this vulnerability?

This is my cipher suites configuration:

ALL:!DH:!LOW:!EXP:!MD5:!DES:@STRENGTH

Phone Information
Phone Model: SoundStation Duo
Part Number: 3111-19000-001 Rev:F
MAC Address: 00:04:F2:F4:13:B0
UC Software Version: 4.0.7.4180
BootROM Software Version: 5.0.7.1284

Test result after updating the config:

Starting Nmap 6.40 ( http://nmap.org ) at 2021-12-03 14:48 +08
Nmap scan report for X.X.X.X
Host is up (0.0036s latency).
Not shown: 997 closed ports
PORT     STATE SERVICE
80/tcp   open  http
443/tcp  open  https
| ssl-enum-ciphers:
|   SSLv3:
|     ciphers:
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA - strong
|       TLS_RSA_WITH_AES_128_CBC_SHA - strong
|       TLS_RSA_WITH_AES_256_CBC_SHA - strong
|       TLS_RSA_WITH_DES_CBC_SHA - weak
|       TLS_RSA_WITH_RC4_128_MD5 - strong
|       TLS_RSA_WITH_RC4_128_SHA - strong
|     compressors:
|       NULL
|   TLSv1.0:
|     ciphers:
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA - strong
|       TLS_RSA_WITH_AES_128_CBC_SHA - strong
|       TLS_RSA_WITH_AES_256_CBC_SHA - strong
|       TLS_RSA_WITH_DES_CBC_SHA - weak
|       TLS_RSA_WITH_RC4_128_MD5 - strong
|       TLS_RSA_WITH_RC4_128_SHA - strong
|     compressors:
|       NULL
|_  least strength: weak
5060/tcp open  sip

Thanks in advance

regards,

bc

Message 1 of 3
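
An added example (not part of the original post, and not Poly or Nmap code): it parses ssl-enum-ciphers output like the scan above and reports suites the phone still offers although the configured cipher string excludes them, plus suites an assumed local policy rejects even where Nmap 6.40 grades them "strong". The policy sets and the function names `parse` and `audit` are assumptions.

```python
import re

# Constructed sample: shortened from the ssl-enum-ciphers output in the post above.
SCAN = """\
|   SSLv3:
|     ciphers:
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA - strong
|       TLS_RSA_WITH_DES_CBC_SHA - weak
|       TLS_RSA_WITH_RC4_128_MD5 - strong
|     compressors:
|       NULL
|   TLSv1.0:
|     ciphers:
|       TLS_RSA_WITH_AES_256_CBC_SHA - strong
|       TLS_RSA_WITH_DES_CBC_SHA - weak
"""
CONFIGURED = "ALL:!DH:!LOW:!EXP:!MD5:!DES:@STRENGTH"  # cipher string from the post
# Assumed local policy, applied regardless of the grade the scanner prints.
WEAK_TOKENS = {"DES", "3DES", "RC4", "MD5", "NULL", "EXPORT"}
DEPRECATED_PROTOCOLS = {"SSLv2", "SSLv3"}
PROTO_RE = re.compile(r"^\|\s+((?:SSLv|TLSv)[\d.]+):\s*$")
SUITE_RE = re.compile(r"^\|\s+((?:TLS|SSL)_\w+)\s+-\s+(\w+)")

def parse(scan_text):
    """Return {protocol: [(suite, nmap_grade), ...]} from ssl-enum-ciphers text."""
    offered, proto = {}, None
    for line in scan_text.splitlines():
        if m := PROTO_RE.match(line):
            proto = m.group(1)
            offered[proto] = []
        elif (m := SUITE_RE.match(line)) and proto:
            offered[proto].append((m.group(1), m.group(2)))
    return offered

def audit(scan_text, cipher_string):
    """Return (protocol, suite, nmap_grade, weak, ignored) per problem suite.
    ignored: '!' terms of cipher_string that also appear in the suite name."""
    excluded = {t[1:] for t in cipher_string.split(":") if t.startswith("!")}
    out = []
    for proto, suites in parse(scan_text).items():
        for suite, grade in suites:
            tokens = set(suite.split("_"))
            weak = sorted(WEAK_TOKENS & tokens)
            if proto in DEPRECATED_PROTOCOLS:
                weak.append(proto)
            ignored = sorted(excluded & tokens)
            if weak or ignored:
                out.append((proto, suite, grade, weak, ignored))
    return out
```

A non-empty `ignored` list means the listener is not honouring the configured string, which matches the symptom described in the post.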
1 ACCEPTED SOLUTION

Accepted Solutions
SteffenBaierUK
Polycom Employee & Community Manager

Re: vulnerability cipher suites on Polycom IP Phones SoundStation Duo

Hello @imbc00,

Welcome to the Poly Community.

If you are not using Microsoft Lync or Skype for Business on-premise, UC Software 4.1.1 is not a supported software for your device.

The device, if used in OpenSIP, has the latest software 4.0.15.

Please upgrade to this build and follow the quoted Knova article on how to add the configuration, and if this still fails please provide us with a backup of the configuration.

The above is all outlined in the FAQ.

Please ensure to provide some feedback if this reply has helped you so other users can profit from your experience.

Best Regards

Steffen Baier


Message 2 of 3
imbc00
Occasional Visitor

Re: vulnerability cipher suites on Polycom IP Phones SoundStation Duo

Hi,

Thanks for your advice. After updating the firmware to 4.0.15 and updating the config as per the KB, the issue is now resolved.

Thank you.

Regards,

BC

Message 3 of 3