Vulnerability identifier: #VU15427
Vulnerability risk: Low
CVSSv3.1: 5.8 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:U/RC:C]
CVE-ID:
CWE-ID:
CWE-285
Exploitation vector: Local network
Exploit availability: No
Vulnerable software:
VGo Celia
Hardware solutions /
Firmware
Vendor: Vecna Technologies
Description
The vulnerability allows an adjacent attacker to bypass authorization on the target system.
The weakness exists in the XMPP client due to improper authorization. An adjacent attacker can access telepresence robot's internal functions and execute arbitrary commands.
Mitigation
Cybersecurity Help is currently unaware of any solutions addressing the vulnerability.
Vulnerable software versions
VGo Celia: 1.4.2 - 3.0.3.52164
External links
http://go.zingbox.com/rs/562-ZPO-907/images/Zingbox%20Whitepaper%20-%20Telepresence%20Robot%20Vulnerabilities.pdf
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.