SB2021021815 - Multiple vulnerabilities in Digi ConnectPort X2e
Published: February 18, 2021
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 2 secuirty vulnerabilities.
1) Use of hard-coded credentials (CVE-ID: CVE-2020-9306)
The vulnerability allows a local user to gain full access to vulnerable system.
The vulnerability exists due to the Digi ConnectPort X2e uses a .pyc file to store the cleartext password for the python user account. A local user can access the affected system using the hard-coded credentials.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
2) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2020-12878)
The vulnerability allows a remote attacker to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions. A remote authenticated attacker can escalate privileges from the python user to root via a symlink attack that uses chown, related to /etc/init.d/S50dropbear.sh and the /WEB/python/.ssh directory.
Remediation
Install update from vendor's website.
References
- https://github.com/fireeye/Vulnerability-Disclosures/blob/master/FEYE-2020-0019/FEYE-2020-0019.md
- https://www.fireeye.com/blog/threat-research.html
- https://www.fireeye.com/blog/threat-research/2021/02/solarcity-exploitation-of-x2e-iot-device-part-one.html
- https://www.fireeye.com/blog/threat-research/2021/02/solarcity-exploitation-of-x2e-iot-device-part-two.html
- https://github.com/fireeye/Vulnerability-Disclosures
- https://github.com/fireeye/Vulnerability-Disclosures/blob/master/FEYE-2020-0020/FEYE-2020-0020.md
- https://www.digi.com/support/productdetail?pid=5570