Digi ConnectPort X2e before 3.2.30.6 allows an attacker to escalate privileges from the python user to root via a symlink attack that uses chown, related to /etc/init.d/S50dropbear.sh and the /WEB/python/.ssh directory.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2021-02-17T23:07:11
Updated: 2024-08-04T12:11:18.998Z
Reserved: 2020-05-14T00:00:00
Link: CVE-2020-12878
Vulnrichment
No data.
NVD
Status : Modified
Published: 2021-02-18T00:15:17.263
Modified: 2024-11-21T05:00:28.623
Link: CVE-2020-12878
Redhat
No data.