CVE-2020-12878 – Digi ConnectPort X2e before 3.2.30.6 allows an attacker to escalate privileges from the py …

Vuln ID: CVE-2020-12878

Published:  2021-02-18  00:15:17Z

Description: Digi ConnectPort X2e before 3.2.30.6 allows an attacker to escalate privileges from the python user to root via a symlink attack that uses chown, related to /etc/init.d/S50dropbear.sh and the /WEB/python/.ssh directory.

Source: NVD.NIST.GOV