MEDIUM · 5.9

CVE-2020-35584

Vulnerability Description

In Solstice Pod before 3.0.3, the web services allow users to connect to them over unencrypted channels via the Browser Look-in feature. An attacker suitably positioned to view a legitimate user's network traffic could record and monitor their interactions with the web services and obtain any information the user supplies, including Administrator passwords and screen keys.

CVSS Score

5.9

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: HIGH
Integrity: NONE
Availability: NONE

Affected Products

Vendor | Product | Versions
Mersive | Solstice Pod Firmware | < 3.0.3
Mersive | Solstice Pod | -

Related Weaknesses (CWE)

References

FAQ

What is CVE-2020-35584?

CVE-2020-35584 is a vulnerability with a CVSS score of 5.9 (MEDIUM). In Solstice Pod before 3.0.3, the web services allow users to connect to them over unencrypted channels via the Browser Look-in feature. An attacker suitably positioned to view a legitimate user's net...

How severe is CVE-2020-35584?

CVE-2020-35584 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for a detailed severity breakdown.

Is there a patch for CVE-2020-35584?

Check the references section above for vendor advisories and patch information. Affected products include: Mersive Solstice Pod Firmware, Mersive Solstice Pod.