CVE-2020-35587 – This vulnerability allows attackers to easily d... (How to Fix)

Q: What is the severity of CVE-2020-35587?

CVE-2020-35587 has a CVSS score of 7.5 (HIGH). This vulnerability allows attackers to easily decompile Solstice Pod firmware, revealing non-obfuscated source code. While not directly exploitable, it facilitates reverse engineering and attack development. Organizations using Solstice Pod collaboration devices before version 3.0.3 are affected.

📋 TL;DR

This vulnerability allows attackers to easily decompile Solstice Pod firmware, revealing non-obfuscated source code. While not directly exploitable, it facilitates reverse engineering and attack development. Organizations using Solstice Pod collaboration devices before version 3.0.3 are affected.

💻 Affected Systems

Products:

Mersive Solstice Pod

Versions: All versions before 3.0.3

Operating Systems: Embedded firmware

Default Config Vulnerable: ⚠️ Yes

Notes: This affects the firmware itself, not dependent on configuration settings.

📦 What is this software?

Solstice Firmware by Mersive

View all CVEs affecting Solstice Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could discover and exploit previously unknown vulnerabilities in the firmware, potentially gaining unauthorized access to the device or network.

🟠

Likely Case

Attackers analyze the code to understand device functionality, identify weaknesses, and develop targeted attacks against the system.

🟢

If Mitigated

With proper network segmentation and access controls, the impact is limited to information disclosure about device internals.

🌐 Internet-Facing: MEDIUM - Internet-facing devices could have their firmware analyzed remotely if attackers gain initial access through other means.

🏢 Internal Only: MEDIUM - Internal devices still risk having firmware analyzed if attackers gain network access through other vectors.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

While decompilation tools are publicly available, exploiting discovered vulnerabilities requires additional development work.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.0.3 and later

Vendor Advisory: https://documentation.mersive.com/content/pages/release-notes.htm

Restart Required: Yes

Instructions:

1. Log into Solstice Dashboard
2. Navigate to Pod Management
3. Select affected Pods
4. Click 'Update Firmware'
5. Select version 3.0.3 or later
6. Confirm and apply update

🔧 Temporary Workarounds

Network Segmentation

all

Isolate Solstice Pods on separate VLANs with strict firewall rules

Physical Security Controls

all

Restrict physical access to Pod devices to prevent local firmware extraction

🧯 If You Can't Patch

Segment Solstice Pods on isolated network segments with strict access controls
Implement network monitoring for unusual firmware access attempts
Consider replacing with updated hardware if patching is impossible

🔍 How to Verify

Check if Vulnerable:

Check firmware version in Solstice Dashboard under Pod Management > Device Details

Check Version:

Not applicable - version check through web interface only

Verify Fix Applied:

Confirm firmware version shows 3.0.3 or higher in the Solstice Dashboard

📡 Detection & Monitoring

Log Indicators:

Unusual firmware access attempts
Multiple failed authentication attempts to Pod management interface
Unexpected firmware update activity

Network Indicators:

Unusual traffic patterns to/from Solstice Pods
Port scanning targeting Pod management ports
Traffic patterns consistent with firmware extraction

SIEM Query:

source="solstice-pod" AND (event_type="firmware_access" OR auth_failure_count>5)

📊 Metadata

CVE ID: CVE-2020-35587

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE: CWE-311

Published: December 23, 2020

Last Updated: November 21, 2024

🔗 References

https://attack.mitre.org/techniques/T1444/ Third Party Advisory
https://documentation.mersive.com/content/pages/release-notes.htm Release Notes,Vendor Advisory
https://github.com/aress31/solstice-pod-cves Third Party Advisory
https://www.mersive.com/uk/products/solstice/ Product,Vendor Advisory
https://attack.mitre.org/techniques/T1444/ Third Party Advisory
https://documentation.mersive.com/content/pages/release-notes.htm Release Notes,Vendor Advisory
https://github.com/aress31/solstice-pod-cves Third Party Advisory
https://www.mersive.com/uk/products/solstice/ Product,Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2020-35587, you might also want to check these: