Описание
Solstice-Pod up to 5.0.2 WEBRTC server mishandles the format-string specifiers %x; %p; %c and %s in the screen_key, display_name, browser_name, and operation_system parameter during the authentication process. This may crash the server and force Solstice-Pod to reboot, which leads to a denial of service.
Ссылки
- ProductVendor Advisory
- ExploitThird Party Advisory
- Third Party Advisory
- ExploitThird Party Advisory
- ProductVendor Advisory
- ExploitThird Party Advisory
- Third Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 5.0.2 (включая)
Одновременно
cpe:2.3:o:mersive:solstice_pod_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mersive:solstice_pod:-:*:*:*:*:*:*:*
EPSS
Процентиль: 80%
0.01338
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-134
Связанные уязвимости
github
больше 3 лет назад
Solstice-Pod up to 5.0.2 WEBRTC server mishandles the format-string specifiers %x; %p; %c and %s in the screen_key, display_name, browser_name, and operation_system parameter during the authentication process. This may crash the server and force Solstice-Pod to reboot, which leads to a denial of service.
EPSS
Процентиль: 80%
0.01338
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-134