Today, Vidyo issued a fix to resolve a security issue in its VidyoPortal server software.
This issue permits, under certain circumstances, authenticated and privileged administrative users to potentially gain access to user and other data on the VidyoPortal that is not otherwise accessible to them.
The update is available for the following versions of VidyoPortal:
|Current GA Release||Fixed Release|
|3.4.4 (78)||3.4.4 (78) + KB51_344|
|3.4.4 (88D)||3.4.4 (88D) + KB51_344|
|3.4.6 (37)||3.4.6 (38)|
|17.2.0 (199)||17.2.0 (204)|
|17.3.0 (38)||17.3.0 (39)|
If you are not using one of these versions, Vidyo strongly recommends that you update to one of the versions listed above immediately.
What Do I Need to Do?
- If you have a deployed instance of VidyoPortal, Vidyo strongly advises you to update to one of the versions listed above immediately. Downloads are available from this link for everyone. Downloads are also available from the Portal and Router Packages section on the Vidyo Help Center.
In addition to applying the update, Vidyo strongly recommends taking the following precautions:
- We recommend changing your administrative passwords now, and as a general security practice, consider frequently changing your user passwords.
- As a best practice, apply all Security Updates that are applicable to all Vidyo software that you are running.
If you need help or have questions, please contact the Vidyo Customer Service Team at firstname.lastname@example.org.
NOTE: This fix is available to all customers regardless of their support contract status.