Extractable Test Key/Cert on Poly Voice Device: SIP Bypass
CVE-2026-0754 Published on March 3, 2026
SIP Service Providers – Possible Impersonation of Poly Voice Device
An embedded test key and certificate could be extracted from a Poly Voice device using specialized reverse engineering tools. This extracted certificate could be accepted by a SIP service provider if the service provider does not perform proper validation of the device certificate.
Weakness Type
Use of Hard-coded Cryptographic Key
The use of a hard-coded cryptographic key significantly increases the possibility that encrypted data may be recovered.
Affected Versions
HP Inc VVX:
- Versions before UCS 6.4.8 are affected.
- Versions before PVOS 8.5.0 are affected.
- Versions before UCS 8.1.7.c are affected.