Vulnerability Details CVE-2020-35584
In Solstice Pod before 3.0.3, the web services allow users to connect to them over unencrypted channels via the Browser Look-in feature. An attacker suitably positioned to view a legitimate user's network traffic could record and monitor their interactions with the web services and obtain any information the user supplies, including Administrator passwords and screen keys.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 39.6%
CVSS Severity
CVSS v3 Score 5.9
CVSS v2 Score 4.3
References
- https://documentation.mersive.com/content/pages/release-notes.htm
- https://github.com/aress31/solstice-pod-cves
- https://www.mersive.com/uk/products/solstice/
- https://documentation.mersive.com/content/pages/release-notes.htm
- https://github.com/aress31/solstice-pod-cves
- https://www.mersive.com/uk/products/solstice/
Products affected by CVE-2020-35584
-
cpe:2.3:h:mersive:solstice_pod:-
-
cpe:2.3:o:mersive:solstice_pod_firmware:-
-
cpe:2.3:o:mersive:solstice_pod_firmware:2.6.0
-
cpe:2.3:o:mersive:solstice_pod_firmware:2.6.2
-
cpe:2.3:o:mersive:solstice_pod_firmware:2.7.0
-
cpe:2.3:o:mersive:solstice_pod_firmware:2.7.2
-
cpe:2.3:o:mersive:solstice_pod_firmware:2.7.3
-
cpe:2.3:o:mersive:solstice_pod_firmware:2.8.0
-
cpe:2.3:o:mersive:solstice_pod_firmware:2.8.4
-
cpe:2.3:o:mersive:solstice_pod_firmware:2.8.7
-
cpe:2.3:o:mersive:solstice_pod_firmware:2.8.9
-
cpe:2.3:o:mersive:solstice_pod_firmware:3.0.1