Vulnerability Details CVE-2020-10277
There is no mechanism in place to prevent a bad operator from booting from a live OS image. This can lead to extraction of sensitive files (such as the shadow file) or to privilege escalation by manually adding a new user with sudo privileges on the machine.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 18.4%
CVSS Severity
CVSS v3 Score 6.4
CVSS v2 Score 4.6
Products affected by CVE-2020-10277
- cpe:2.3:h:easyrobotics:er-flex:-
- cpe:2.3:h:easyrobotics:er-lite:-
- cpe:2.3:h:easyrobotics:er-one:-
- cpe:2.3:h:easyrobotics:er200:-
- cpe:2.3:h:mobile-industrial-robots:mir1000:-
- cpe:2.3:h:mobile-industrial-robots:mir100:-
- cpe:2.3:h:mobile-industrial-robots:mir200:-
- cpe:2.3:h:mobile-industrial-robots:mir250:-
- cpe:2.3:h:mobile-industrial-robots:mir500:-
- cpe:2.3:h:uvd-robots:uvd:-
- cpe:2.3:o:easyrobotics:er-flex_firmware:-
- cpe:2.3:o:easyrobotics:er-lite_firmware:-
- cpe:2.3:o:easyrobotics:er-one_firmware:-
- cpe:2.3:o:easyrobotics:er200_firmware:-
- cpe:2.3:o:mobile-industrial-robots:mir1000_firmware:-
- cpe:2.3:o:mobile-industrial-robots:mir100_firmware:*
- cpe:2.3:o:mobile-industrial-robots:mir200_firmware:-
- cpe:2.3:o:mobile-industrial-robots:mir250_firmware:-
- cpe:2.3:o:mobile-industrial-robots:mir500_firmware:-
- cpe:2.3:o:uvd-robots:uvd_firmware:-