← Volver a CVEs

CVE-2020-35584

MEDIUM

5.9

Descripcion

In Solstice Pod before 3.0.3, the web services allow users to connect to them over unencrypted channels via the Browser Look-in feature. An attacker suitably positioned to view a legitimate user's network traffic could record and monitor their interactions with the web services and obtain any information the user supplies, including Administrator passwords and screen keys.

Detalles CVE

Puntuacion CVSS v3.15.9

SeveridadMEDIUM

Vector CVSSCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Vector de ataqueNETWORK

ComplejidadHIGH

Privilegios requeridosNONE

Interaccion usuarioNONE

Publicado12/23/2020

Ultima modificacion11/21/2024

Fuentenvd

Avistamientos honeypot0

Productos afectados

mersive:solstice_podmersive:solstice_pod_firmware

Debilidades (CWE)

CWE-319

Referencias

https://documentation.mersive.com/content/pages/release-notes.htm(cve@mitre.org)

https://github.com/aress31/solstice-pod-cves(cve@mitre.org)

https://www.mersive.com/uk/products/solstice/(cve@mitre.org)

https://documentation.mersive.com/content/pages/release-notes.htm(af854a3a-2127-422b-91ae-364da2661108)

https://github.com/aress31/solstice-pod-cves(af854a3a-2127-422b-91ae-364da2661108)

https://www.mersive.com/uk/products/solstice/(af854a3a-2127-422b-91ae-364da2661108)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.