Описание
the main user account has restricted privileges but is in the sudoers group and there is not any mechanism in place to prevent sudo su or sudo -i to be run gaining unrestricted access to sensible files, encryption, or issue orders that disrupt robot operation.
Ссылки
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.5.0 (включая)
Одновременно
cpe:2.3:o:ufactory:xarm_5_lite_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ufactory:xarm_5_lite:-:*:*:*:*:*:*:*
Конфигурация 2
Одновременно
cpe:2.3:o:ufactory:xarm_6_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:ufactory:xarm_6:-:*:*:*:*:*:*:*
Конфигурация 3
Одновременно
cpe:2.3:o:ufactory:xarm_7_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:ufactory:xarm_7:-:*:*:*:*:*:*:*
EPSS
Процентиль: 41%
0.00195
Низкий
9.4 Critical
CVSS3
8.8 High
CVSS3
5.8 Medium
CVSS2
Дефекты
CWE-656
CWE-269
Связанные уязвимости
github
больше 3 лет назад
the main user account has restricted privileges but is in the sudoers group and there is not any mechanism in place to prevent sudo su or sudo -i to be run gaining unrestricted access to sensible files, encryption, or issue orders that disrupt robot operation.
EPSS
Процентиль: 41%
0.00195
Низкий
9.4 Critical
CVSS3
8.8 High
CVSS3
5.8 Medium
CVSS2
Дефекты
CWE-656
CWE-269