← Back to CVEs

CVE-2020-35584

MEDIUM

5.9

Description

In Solstice Pod before 3.0.3, the web services allow users to connect to them over unencrypted channels via the Browser Look-in feature. An attacker suitably positioned to view a legitimate user's network traffic could record and monitor their interactions with the web services and obtain any information the user supplies, including Administrator passwords and screen keys.

CVE Details

CVSS v3.1 Score5.9

SeverityMEDIUM

CVSS VectorCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack VectorNETWORK

ComplexityHIGH

Privileges RequiredNONE

User InteractionNONE

Published12/23/2020

Last Modified11/21/2024

Sourcenvd

Honeypot Sightings0

Affected Products

mersive:solstice_podmersive:solstice_pod_firmware

Weaknesses (CWE)

CWE-319

References

https://documentation.mersive.com/content/pages/release-notes.htm(cve@mitre.org)

https://github.com/aress31/solstice-pod-cves(cve@mitre.org)

https://www.mersive.com/uk/products/solstice/(cve@mitre.org)

https://documentation.mersive.com/content/pages/release-notes.htm(af854a3a-2127-422b-91ae-364da2661108)

https://github.com/aress31/solstice-pod-cves(af854a3a-2127-422b-91ae-364da2661108)

https://www.mersive.com/uk/products/solstice/(af854a3a-2127-422b-91ae-364da2661108)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.