CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2020-12878
https://notcve.org/view.php?id=CVE-2020-12878
Digi ConnectPort X2e before 3.2.30.6 allows an attacker to escalate privileges from the python user to root via a symlink attack that uses chown, related to /etc/init.d/S50dropbear.sh and the /WEB/python/.ssh directory. Digi ConnectPort X2e versiones anteriores a 3.2.30.6, permite a un atacante escalar privilegios del usuario de Python a root por medio de un ataque symlink que usa chown, relacionado con el archivo /etc/init.d/S50dropbear.sh y el directorio /WEB/python/.ssh • https://github.com/fireeye/Vulnerability-Disclosures https://github.com/fireeye/Vulnerability-Disclosures/blob/master/FEYE-2020-0020/FEYE-2020-0020.md https://www.digi.com/support/productdetail?pid=5570 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •