Input validation

2019-11-2716:15:00

PRIOn knowledge base

www.prio-n.com

8.9 High

AI Score

Confidence

High

0.042 Low

EPSS

Percentile

92.3%

JSON

Insufficient validation of user-supplied input for the Solstice Pod before 2.8.4 networking configuration enables authenticated attackers to execute arbitrary commands as root.

CPENameOperatorVersion
solstice_firmwarelt2.8.4

CPE	Name	Operator	Version
	solstice_firmware	lt	2.8.4

References

packetstormsecurity.com/files/155494/Mersive-Solstice-2.8.0-Remote-Code-Execution.html

documentation.mersive.com/content/pages/release-notes.htm

github.com/aress31/cve-2017-12945

www.exploit-db.com/exploits/47722