First published: Wed Feb 17 2021
Digi ConnectPort X2e before 3.2.30.6 allows an attacker to escalate privileges from the python user to root via a symlink attack that uses chown, related to /etc/init.d/S50dropbear.sh and the /WEB/python/.ssh directory.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Digi ConnectPort X2e Firmware | <3.2.30.6 | |
Digi ConnectPort X2e | | |
CVE-2020-12878 is a vulnerability in Digi ConnectPort X2e before version 3.2.30.6 that allows an attacker to escalate privileges from the python user to root.
CVE-2020-12878 is exploited through a symlink attack that uses chown, specifically involving /etc/init.d/S50dropbear.sh and the /WEB/python/.ssh directory, to escalate privileges.
CVE-2020-12878 has a severity rating of 7.8 (High).
Digi ConnectPort X2e firmware versions up to and excluding 3.2.30.6 are affected.
To fix CVE-2020-12878, update your Digi ConnectPort X2e firmware to version 3.2.30.6 or newer.