CVE-2002-0627
CVE-2002-0627 is a high-severity vulnerability in Polycom Viewstation 128 with a CVSS 2.0 base score of 7.5. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low.
Key facts
- Severity: High (CVSS 2.0 base score 7.5)
- EPSS exploit prediction: 2% (73rd percentile)
- Actively exploited: Not listed in CISA KEV
- Affected product: Polycom Viewstation 128
- Published:
- Last modified:
Description
The Web server for Polycom ViewStation before 7.2.4 allows remote attackers to bypass authentication and read files via Unicode encoded requests.
Frequently asked questions
- What is CVE-2002-0627?
- The Web server for Polycom ViewStation before 7.2.4 allows remote attackers to bypass authentication and read files via Unicode encoded requests.
- How severe is CVE-2002-0627?
- CVE-2002-0627 has a CVSS 2.0 base score of 7.5, rated high severity.
- Is CVE-2002-0627 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 2% (73rd percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2002-0627?
- CVE-2002-0627 primarily affects Polycom Viewstation 128. In total, 15 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
- How do I fix CVE-2002-0627?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its high severity, prioritise patching exposed systems.
- When was CVE-2002-0627 published?
- CVE-2002-0627 was published on 2003-01-07 and last updated on 2026-06-16.
References
- http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21089
- http://www.ciac.org/ciac/bulletins/m-123.shtml
- http://www.iss.net/security_center/static/9348.php
- http://www.polycom.com/common/pw_item_show_doc/0%2C%2C1444%2C00.pdf
- http://www.securityfocus.com/bid/5632
Affected products (15)
- cpe:2.3:h:polycom:viewstation_128:6.5.1:*:*:*:*:*:*:*
- cpe:2.3:h:polycom:viewstation_128:7.2:*:*:*:*:*:*:*
- cpe:2.3:h:polycom:viewstation_512:6.5.1:*:*:*:*:*:*:*
- cpe:2.3:h:polycom:viewstation_512:7.2:*:*:*:*:*:*:*
- cpe:2.3:h:polycom:viewstation_dcp:6.5.1:*:*:*:*:*:*:*
- cpe:2.3:h:polycom:viewstation_dcp:7.2:*:*:*:*:*:*:*
- cpe:2.3:h:polycom:viewstation_fx_vs4000:4.1.5:*:*:*:*:*:*:*
- cpe:2.3:h:polycom:viewstation_h.323:6.5.1:*:*:*:*:*:*:*
- cpe:2.3:h:polycom:viewstation_h.323:7.2:*:*:*:*:*:*:*
- cpe:2.3:h:polycom:viewstation_mp:6.5.1:*:*:*:*:*:*:*
- cpe:2.3:h:polycom:viewstation_mp:7.2:*:*:*:*:*:*:*
- cpe:2.3:h:polycom:viewstation_sp_384:6.5.1:*:*:*:*:*:*:*
- cpe:2.3:h:polycom:viewstation_sp_384:7.2:*:*:*:*:*:*:*
- cpe:2.3:h:polycom:viewstation_v.35:6.5.1:*:*:*:*:*:*:*
- cpe:2.3:h:polycom:viewstation_v.35:7.2:*:*:*:*:*:*:*
More vulnerabilities in Polycom Viewstation 128
- CVE-2002-0626 — Critical (CVSS 10.0): Polycom ViewStation before 7.2.4 has a default null password for the administrator account, which allows arbitrary…
- CVE-2002-0628 — High (CVSS 7.5): The Telnet service for Polycom ViewStation before 7.2.4 does not restrict the number of failed login attempts, which…
- CVE-2002-0630 — Medium (CVSS 5.0): The Telnet service for Polycom ViewStation before 7.2.4 allows remote attackers to cause a denial of service (crash)…
- CVE-2002-0629 — Medium (CVSS 5.0): The Telnet service for Polycom ViewStation before 7.2.4 allows remote attackers to cause a denial of service (crash)…