{"data":{"id":"cbc4fa49-eae5-4b72-9551-d1bc2f95ee09","title":"HP Poly VoIP vulnerability sets the stage for executive voice deepfakes","summary":"HP released patches for a critical buffer overflow vulnerability (a coding flaw where too much data is written into a fixed-size memory container) in its Poly Voice conference phones that could allow attackers without authentication to gain root access (complete control of the operating system) and record conversations for voice deepfakes (AI-generated fake audio impersonations). The flaw exists in code that processes ICE (Interactive Connectivity Establishment, a feature for establishing direct network connections) requests and affects multiple Poly phone models.","solution":"HP has fixed the vulnerability in Poly Unified Communications Software (UCS) versions 6.4.8 for VVX devices, 8.1.7 for Trio 8300, and 7.2.8 for Trio 8500 and 8800 phones. Additionally, HP advises administrators to disable the ICE feature if it is not needed, since it is not enabled by default on HP Poly devices.","labels":["security"],"sourceUrl":"https://www.csoonline.com/article/4180223/hp-poly-voip-vulnerability-sets-the-stage-for-executive-voice-deepfakes.html","publishedAt":"2026-06-02T20:58:20.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["data_extraction"],"issueType":"news","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":[],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":"2026-06-02T20:58:20.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":null,"llmSpecific":false,"classifierConfidence":0.75,"researchCategory":null,"atlasIds":null}}