IT Professionals:
UITS Telecommunications has been informed of a number of vulnerabilities [1, 2, 3] in the Polycom VVX series of IP phones [4]. This vulnerability may allow remote code execution. Due to the severity of the threat, UITS Telecom has elected to push a firmware upgrade to all VVX phones. As a result of the firmware upgrade, the Better Together Over Ethernet (BTOE) software will also need to be upgraded. The new version in on IU Ware at: https://iuware.iu.edu/Windows/Title/3464.
The firmware upgrade will occur during our maintenance window, Sunday, February 2, between 1:00 am and 5:00 am. You can expect the phones to reboot and relog back in.
If you have questions, please contact UITS Telecommunications at (812) 856-2287 (IUB), (317) 274-3004 (IUPUI), or your regional Local Telecom Contact.
–IT Community Partnerships on behalf of the Communications Planning and Implementation team
[1] Polycom VVX Vulnerability: https://nvd.nist.gov/vuln/detail/CVE-2019-12948
[2] BTOE Vulnerability: https://support.polycom.com/content/dam/polycom-support/global/documentation/remote-code-execution-vulnerability-in-ucs-software-v1-2.pdf
[3] UCS Software Vulnerability: https://nvd.nist.gov/vuln/detail/CVE-2019-10689
[4] Polycom VVX500 series IP phones: https://kb.iu.edu/d/aosn
~~~~~ Today’s IT Pro Tip ~~~~~
On Wednesday, February 26 from 11:00 am to 12:00 pm, ITCP will host an infoshare about upcoming changes to Red Hat Enterprise Linux licensing. Please send in any questions you have about this change to talk2uits@iu.edu and we will provide answers during this infoshare. An event registration link and more details will be provided in an upcoming ITCP mailing.