CVE-2020-12878
HIGHDigi ConnectPort X2e <3.2.30.6 - Privilege Escalation
Title source: llmDescription
Digi ConnectPort X2e before 3.2.30.6 allows an attacker to escalate privileges from the python user to root via a symlink attack that uses chown, related to /etc/init.d/S50dropbear.sh and the /WEB/python/.ssh directory.
References (3)
Core 3
Core References
Third Party Advisory x_refsource_misc
https://github.com/fireeye/Vulnerability-Disclosures
Release Notes, Vendor Advisory x_refsource_misc
https://www.digi.com/support/productdetail?pid=5570
Exploit, Third Party Advisory x_refsource_misc
https://github.com/fireeye/Vulnerability-Disclosures/blob/master/FEYE-2020-0020/FEYE-2020-0020.md
Scores
CVSS v3
7.8
EPSS
0.0050
EPSS Percentile
39.1%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-59
Status
published
Products (1)
digi/connectport_x2e_firmware
< 3.2.30.6
Published
Feb 18, 2021
Tracked Since
Feb 18, 2026