CVE-2026-0754

Summary

An embedded test key and certificate could be extracted from a Poly Voice device using specialized reverse engineering tools. This extracted certificate could be accepted by a SIP service provider if the service provider does not perform proper validation of the device certificate.

Affected Software

VendorProductVersion RangeStatus
HP IncVVX0 < <UCS 6.4.8affected
HP IncEdge E0 < <PVOS 8.5.0affected
HP IncTrio 83000 < <UCS 8.1.7.caffected

Weaknesses

  • CWE-321: CWE-321

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References