Vulnerability Description
The main user account has restricted privileges but is in the sudoers group, and no mechanism is in place to prevent sudo su or sudo -i from being run. Running either gives unrestricted access to sensitive files and encryption, or allows issuing orders that disrupt robot operation.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ufactory | Xarm 5 Lite Firmware | <= 1.5.0 |
| Ufactory | Xarm 5 Lite | - |
| Ufactory | Xarm 6 Firmware | - |
| Ufactory | Xarm 6 | - |
| Ufactory | Xarm 7 Firmware | - |
| Ufactory | Xarm 7 | - |
Related Weaknesses (CWE)
References
- https://github.com/aliasrobotics/RVD/issues/3323 (Third Party Advisory)
FAQ
What is CVE-2020-10286?
CVE-2020-10286 is a vulnerability with a CVSS score of 8.8 (HIGH). The main user account has restricted privileges but is in the sudoers group, and no mechanism is in place to prevent sudo su or sudo -i from being run, giving unrestricted access to sensitive file...
How severe is CVE-2020-10286?
CVE-2020-10286 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2020-10286?
Check the references section above for vendor advisories and patch information. Affected products include: Ufactory Xarm 5 Lite Firmware, Ufactory Xarm 5 Lite, Ufactory Xarm 6 Firmware, Ufactory Xarm 6, Ufactory Xarm 7 Firmware.