CVE-2020-27523 - OpenCVE

Solstice-Pod up to 5.0.2 WEBRTC server mishandles the format-string specifiers %x; %p; %c and %s in the screen_key, display_name, browser_name, and operation_system parameter during the authentication process. This may crash the server and force Solstice-Pod to reboot, which leads to a denial of service.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Mersive	Solstice Pod Solstice Pod Firmware

Configuration 1 [-]

AND

cpe:2.3:o:mersive:solstice_pod_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mersive:solstice_pod:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://documentation.mersive.com/content/topics/general-gen2i-pod-specs.htm
https://tiger-team-1337.blogspot.com/2020/10/solstice-pod-critical-unauthenticated.html
https://twitter.com/Kevin2600/status/1316261149403275264
https://www.youtube.com/watch?v=EGW_M1MqAG0

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2020-11-11T14:23:42

Updated: 2024-08-04T16:18:44.936Z

Reserved: 2020-10-21T00:00:00

Link: CVE-2020-27523

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2020-11-11T15:15:11.293

Modified: 2021-07-21T11:39:23.747

Link: CVE-2020-27523

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Solstice-Pod up to 5.0.2 WEBRTC server mishandles the format-string specifiers %x; %p; %c and %s in the screen_key, display_name, browser_name, and operation_system parameter during the authentication process. This may crash the server and force Solstice-Pod to reboot, which leads to a denial of service."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-11-11T14:23:42", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.youtube.com/watch?v=EGW_M1MqAG0"}, {"tags": ["x_refsource_MISC"], "url": "https://twitter.com/Kevin2600/status/1316261149403275264"}, {"tags": ["x_refsource_MISC"], "url": "https://documentation.mersive.com/content/topics/general-gen2i-pod-specs.htm"}, {"tags": ["x_refsource_MISC"], "url": "https://tiger-team-1337.blogspot.com/2020/10/solstice-pod-critical-unauthenticated.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-27523", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Solstice-Pod up to 5.0.2 WEBRTC server mishandles the format-string specifiers %x; %p; %c and %s in the screen_key, display_name, browser_name, and operation_system parameter during the authentication process. This may crash the server and force Solstice-Pod to reboot, which leads to a denial of service."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.youtube.com/watch?v=EGW_M1MqAG0", "refsource": "MISC", "url": "https://www.youtube.com/watch?v=EGW_M1MqAG0"}, {"name": "https://twitter.com/Kevin2600/status/1316261149403275264", "refsource": "MISC", "url": "https://twitter.com/Kevin2600/status/1316261149403275264"}, {"name": "https://documentation.mersive.com/content/topics/general-gen2i-pod-specs.htm", "refsource": "MISC", "url": "https://documentation.mersive.com/content/topics/general-gen2i-pod-specs.htm"}, {"name": "https://tiger-team-1337.blogspot.com/2020/10/solstice-pod-critical-unauthenticated.html", "refsource": "MISC", "url": "https://tiger-team-1337.blogspot.com/2020/10/solstice-pod-critical-unauthenticated.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T16:18:44.936Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.youtube.com/watch?v=EGW_M1MqAG0"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://twitter.com/Kevin2600/status/1316261149403275264"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://documentation.mersive.com/content/topics/general-gen2i-pod-specs.htm"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://tiger-team-1337.blogspot.com/2020/10/solstice-pod-critical-unauthenticated.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-27523", "datePublished": "2020-11-11T14:23:42", "dateReserved": "2020-10-21T00:00:00", "dateUpdated": "2024-08-04T16:18:44.936Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mersive:solstice_pod_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "26BA475B-9EF4-4170-976E-151E903EC23D", "versionEndIncluding": "5.0.2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mersive:solstice_pod:-:*:*:*:*:*:*:*", "matchCriteriaId": "2208F1E1-4F8B-416E-B46C-40A8E862B55B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Solstice-Pod up to 5.0.2 WEBRTC server mishandles the format-string specifiers %x; %p; %c and %s in the screen_key, display_name, browser_name, and operation_system parameter during the authentication process. This may crash the server and force Solstice-Pod to reboot, which leads to a denial of service."}, {"lang": "es", "value": "Solstice-Pod versiones hasta 5.0.2 El servidor WEBRTC maneja inapropiadamente los especificadores de cadena de formato %x; %p; %c y %s en los par\u00e1metros screen_key, display_name, browser_name y operation_system durante el proceso de autenticaci\u00f3n. Esto puede bloquear el servidor y obligar a Solstice-Pod para reiniciarse, lo que conduce a una denegaci\u00f3n de servicio"}], "id": "CVE-2020-27523", "lastModified": "2021-07-21T11:39:23.747", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-11-11T15:15:11.293", "references": [{"source": "cve@mitre.org", "tags": ["Product", "Vendor Advisory"], "url": "https://documentation.mersive.com/content/topics/general-gen2i-pod-specs.htm"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://tiger-team-1337.blogspot.com/2020/10/solstice-pod-critical-unauthenticated.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://twitter.com/Kevin2600/status/1316261149403275264"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.youtube.com/watch?v=EGW_M1MqAG0"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-134"}], "source": "nvd@nist.gov", "type": "Primary"}]}