MEDIUM · 6.4

CVE-2020-10277

Vulnerability Description

There is no mechanism in place to prevent a bad operator from booting from a live OS image. This can lead to extraction of sensitive files (such as the shadow file) or privilege escalation by manually adding a new user with sudo privileges on the machine.

CVSS Score

6.4

MEDIUM

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H
Attack Vector: PHYSICAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: HIGH
Integrity: LOW
Availability: HIGH

Affected Products

Vendor | Product | Versions
Mobile-Industrial-Robots | Mir100 Firmware | <= 2.8.1.1
Mobile-Industrial-Robots | Mir100 | -
Mobile-Industrial-Robots | Mir200 Firmware | -
Mobile-Industrial-Robots | Mir200 | -
Mobile-Industrial-Robots | Mir250 Firmware | -
Mobile-Industrial-Robots | Mir250 | -
Mobile-Industrial-Robots | Mir500 Firmware | -
Mobile-Industrial-Robots | Mir500 | -
Mobile-Industrial-Robots | Mir1000 Firmware | -
Mobile-Industrial-Robots | Mir1000 | -
Easyrobotics | Er200 Firmware | -
Easyrobotics | Er200 | -
Easyrobotics | Er-Lite Firmware | -
Easyrobotics | Er-Lite | -
Easyrobotics | Er-Flex Firmware | -
Easyrobotics | Er-Flex | -
Easyrobotics | Er-One Firmware | -
Easyrobotics | Er-One | -
Uvd-Robots | Uvd Firmware | -
Uvd-Robots | Uvd | -

Related Weaknesses (CWE)

References

FAQ

What is CVE-2020-10277?

CVE-2020-10277 is a vulnerability with a CVSS score of 6.4 (MEDIUM). There is no mechanism in place to prevent a bad operator from booting from a live OS image. This can lead to extraction of sensitive files (such as the shadow file) or privilege escalation by manually addin...

How severe is CVE-2020-10277?

CVE-2020-10277 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for a detailed severity breakdown.

Is there a patch for CVE-2020-10277?

Check the references section above for vendor advisories and patch information. Affected products include: Mobile-Industrial-Robots Mir100 Firmware, Mobile-Industrial-Robots Mir100, Mobile-Industrial-Robots Mir200 Firmware, Mobile-Industrial-Robots Mir200, Mobile-Industrial-Robots Mir250 Firmware.