Arbitrary file upload in Digi Connectport_lts_32_mei
CVE-2020-6975
Digi International ConnectPort LTS 32 MEI, Firmware Version 1.4.3 (82002228_K 08/09/2018), bios Version 1.2. Successful exploitation of this vulnerability could allow an attacker to upload a malicious file to the application.
Vulnerability class: Unrestricted File Upload
EPSS: 0.008 (51.6th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 4.9 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N.
Affected products
- Digi Connectport_lts_32_mei
- Digi Connectport_lts_32_mei_bios — versions 1.2
- Digi Connectport_lts_32_mei_firmware — versions 1.4.3
- N/a Digi International Connectport Lts 32 Mei — versions Firmware Version 1.4.3 (82002228_K 08/09/2018), bios Version 1.2
Weakness classification (CWE)
References
- ics-cert@hq.dhs.gov (US Government Resource, Third Party Advisory, x_refsource_MISC)
Frequently asked questions
- What is CVE-2020-6975?
- CVE-2020-6975 is a medium-severity vulnerability in Digi Connectport_lts_32_mei, classified under Unrestricted Upload of File with Dangerous Type. CVSS score: 4.9/10. Published 2020-02-12.
- How severe is CVE-2020-6975?
- Medium severity. CVSS v3 base score is 4.9 out of 10.