CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-12878

Digi ConnectPort X2e before 3.2.30.6 allows an attacker to escalate privileges from the python user to root via a symlink attack that uses chown, related to /etc/init.d/S50dropbear.sh and the /WEB/python/.ssh directory.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 27.9%

CVSS Severity

CVSS v3 Score 7.8

CVSS v2 Score 7.2

References

https://github.com/fireeye/Vulnerability-Disclosures
https://github.com/fireeye/Vulnerability-Disclosures/blob/master/FEYE-2020-0020/FEYE-2020-0020.md
https://www.digi.com/support/productdetail?pid=5570
https://github.com/fireeye/Vulnerability-Disclosures
https://github.com/fireeye/Vulnerability-Disclosures/blob/master/FEYE-2020-0020/FEYE-2020-0020.md
https://www.digi.com/support/productdetail?pid=5570

Products affected by CVE-2020-12878

Digi » Connectport X2e » Version: N/A

cpe:2.3:h:digi:connectport_x2e:-
Digi » Connectport X2e Firmware » Version: Any

cpe:2.3:o:digi:connectport_x2e_firmware:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-12878

Products

Pricing

Contact Us