CVE-2020-10286 CRITICAL

CVE-2020-10286: RVD#3323: Mismanaged permission implementation leads to privilege escalation, exfiltration of sensitive information, and DoS

Vendor Ufactory
Product xArm 5 Lite, xArm 6 and xArm 7
Weakness CWE-656
Published July 15, 2020
Last update September 17, 2024

CVSS base score

9.4/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity Low

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H

What the vulnerability does

01 Description

The main user account has restricted privileges but is in the sudoers group, and there is no mechanism in place to prevent sudo su or sudo -i from being run. Running either gives unrestricted access to sensitive files and encryption, or allows issuing orders that disrupt robot operation.

Key dates

02 Disclosure timeline

July 15, 2020 CVE published
September 17, 2024 Record updated
