RVD#85: Exposed ports and automatically loaded files could lead to command execution

[aliasbot]

{
    "id": 85,
    "title": "RVD#85: Exposed ports and automatically loaded files could lead to command execution",
    "type": "vulnerability",
    "description": "If a specially crafted file is stored in a determined folder on a usb drive, the file is automatically executed with root privileges on startup or reboot. The interpretation of this file is vulnerable to OS command injection.",
    "cwe": "CWE-OS Command Injection (CWE-78)",
    "cve": "None",
    "keywords": [
        "malformed",
        "robot",
        "robot: Vgo",
        "severity: critical",
        "state: new",
        "vendor: Vecna",
        "vulnerability"
    ],
    "system": "Vgo",
    "vendor": "Vecna",
    "severity": {
        "rvss-score": "None",
        "rvss-vector": "RVSS:1.0/AV:PP/AC:H/PR:N/UI:N/Y:Z/S:U/C:H/I:H/A:H/H:H",
        "severity-description": "",
        "cvss-score": 0,
        "cvss-vector": ""
    },
    "links": [
        "https://github.com/aliasrobotics/RVD/issues/85"
    ],
    "flaw": {
        "phase": "unknown",
        "specificity": "N/A",
        "architectural-location": "N/A",
        "application": "N/A",
        "subsystem": "N/A",
        "package": "N/A",
        "languages": "None",
        "date-detected": "2018-10-17",
        "detected-by": "",
        "detected-by-method": "N/A",
        "date-reported": "2018-10-17",
        "reported-by": "",
        "reported-by-relationship": "N/A",
        "issue": "https://github.com/aliasrobotics/RVD/issues/85",
        "reproducibility": "",
        "trace": null,
        "reproduction": "",
        "reproduction-image": ""
    },
    "exploitation": {
        "description": "",
        "exploitation-image": "",
        "exploitation-vector": ""
    },
    "mitigation": {
        "description": "",
        "pull-request": "",
        "date-mitigation": null
    }
}

[github-actions[bot]]

Feedback (automatically generated):

• FIXME: Flaw not identified as a vulnerability, weakness or exposure. Have you included # Vulnerability (or Weakness or Exposure) report at the top of the ticket?, see for more information or review other tickets to get inspiration

Please review the feedback above. Once addressed, either request the removal of the malformed label to trigger another automatic review.

[github-actions[bot]]

Feedback (automatically generated):

• FIXME: Robot or Robot component not present in summary table or invalid, see for more information or review other tickets and get inspiration

Please review the feedback above. Once addressed, either request the removal of the malformed label to trigger another automatic review.