Nuvation Energy Multi-Stack Controller Unintended Proxy Vulnerability

A vulnerability allowing unintended proxy or intermediary behavior has been identified in Nuvation Energy's Multi-Stack Controller (MSC) versions through and including 2.5.1. This vulnerability facilitates network boundary bridging, which could potentially be exploited to manipulate or intercept communications across network boundaries.

Impact

Exploitation of this vulnerability could lead to unintended proxying of network traffic, allowing for interception or manipulation of communications across network boundaries.

Remediation

Users are advised to update their Multi-Stack Controller to version 2.5.1 or later. Consult Nuvation's documentation for guidance on enabling authentication on the MSC and setting a strong password. Security-conscious users may also wish to restrict access to the nCloud service if it is not necessary for their operations.