Vulnerability Description
Solstice-Pod up to 5.0.2 WEBRTC server mishandles the format-string specifiers %x; %p; %c and %s in the screen_key, display_name, browser_name, and operation_system parameter during the authentication process. This may crash the server and force Solstice-Pod to reboot, which leads to a denial of service.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mersive | Solstice Pod Firmware | <= 5.0.2 |
| Mersive | Solstice Pod | - |
Related Weaknesses (CWE)
References
- https://documentation.mersive.com/content/topics/general-gen2i-pod-specs.htmProductVendor Advisory
- https://tiger-team-1337.blogspot.com/2020/10/solstice-pod-critical-unauthenticatExploitThird Party Advisory
- https://twitter.com/Kevin2600/status/1316261149403275264Third Party Advisory
- https://www.youtube.com/watch?v=EGW_M1MqAG0ExploitThird Party Advisory
- https://documentation.mersive.com/content/topics/general-gen2i-pod-specs.htmProductVendor Advisory
- https://tiger-team-1337.blogspot.com/2020/10/solstice-pod-critical-unauthenticatExploitThird Party Advisory
- https://twitter.com/Kevin2600/status/1316261149403275264Third Party Advisory
- https://www.youtube.com/watch?v=EGW_M1MqAG0ExploitThird Party Advisory
FAQ
What is CVE-2020-27523?
CVE-2020-27523 is a vulnerability with a CVSS score of 7.5 (HIGH). Solstice-Pod up to 5.0.2 WEBRTC server mishandles the format-string specifiers %x; %p; %c and %s in the screen_key, display_name, browser_name, and operation_system parameter during the authentication...
How severe is CVE-2020-27523?
CVE-2020-27523 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-27523?
Check the references section above for vendor advisories and patch information. Affected products include: Mersive Solstice Pod Firmware, Mersive Solstice Pod.