CVE-2026-0754

An embedded test key and certificate could be extracted from a Poly Voice device using specialized reverse engineering tools. This extracted certificate could be accepted by a SIP service provider if the service provider does not perform proper validation of the device certificate.

CVSS

No CVSS.

References

Link	Resource
https://support.hp.com/us-en/document/ish_14269649-14269682-16/hpsbpy04081

Configurations

No configuration.

History

No history.

Information

Published : 2026-03-03 02:16

Updated : 2026-03-03 21:52

NVD link : CVE-2026-0754

Mitre link : CVE-2026-0754

CVE.ORG link : CVE-2026-0754

JSON object : View

Products Affected

No product.

CWE

CWE-321

Use of Hard-coded Cryptographic Key

{"id": "CVE-2026-0754", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "hp-security-alert@hp.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.2, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-03-03T02:16:07.320", "references": [{"url": "https://support.hp.com/us-en/document/ish_14269649-14269682-16/hpsbpy04081", "source": "hp-security-alert@hp.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "hp-security-alert@hp.com", "description": [{"lang": "en", "value": "CWE-321"}]}], "descriptions": [{"lang": "en", "value": "An embedded test key and certificate could be extracted from a Poly Voice device using specialized reverse engineering tools. This extracted certificate could be accepted by a SIP service provider if the service provider does not perform proper validation of the device certificate."}, {"lang": "es", "value": "Una clave de prueba y un certificado incrustados podr\u00edan extraerse de un dispositivo Poly Voice utilizando herramientas especializadas de ingenier\u00eda inversa. Este certificado extra\u00eddo podr\u00eda ser aceptado por un proveedor de servicios SIP si el proveedor de servicios no realiza una validaci\u00f3n adecuada del certificado del dispositivo."}], "lastModified": "2026-03-03T21:52:29.877", "sourceIdentifier": "hp-security-alert@hp.com"}

CVE-2026-0754

JSON object

Attach tags to CVE-2026-0754

Attach tags to `CVE-2026-0754`