CVE-2020-12878

Name of the Vulnerable Software and Affected Versions Digi ConnectPort X2e versions prior to 3.2.30.6

Description The issue allows an attacker to escalate privileges from the python user to root via a symlink attack that uses chown, related to /etc/init.d/S50dropbear.sh and the /WEB/python/.ssh directory.

Recommendations For versions prior to 3.2.30.6, update to version 3.2.30.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the /WEB/python/.ssh directory and the S50dropbear.sh script to minimize the risk of exploitation.