Unencrypted Communication Vulnerability in Solstice Pod by Mersive
CVE-2020-35584

5.9MEDIUM

Key Information:

Vendor

Mersive

Status
Solstice Pod Firmware
Vendor
CVE Published:
23 December 2020

What is CVE-2020-35584?

The Solstice Pod, prior to version 3.0.3, contains a vulnerability that permits users to connect using unencrypted channels. This insecurity, particularly evident through the Browser Look-in feature, can be exploited by attackers positioned to intercept legitimate users' network traffic. As a result, attackers may monitor interactions with the web services and capture sensitive information, including administrator passwords and screen keys. This poses a significant risk to the confidentiality of user data, highlighting the importance of implementing encrypted communications for secure operations.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://documentation.mersive.com/content/pages/release-n...
x_refsource_MISC
https://www.mersive.com/uk/products/solstice/
x_refsource_MISC
https://github.com/aress31/solstice-pod-cves
x_refsource_MISC

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.