Digi ConnectPort LTS 32 MEI (ICSA-20-042-13)

CISA has published an advisory on unrestricted upload of file with dangerous type and cross-site scripting vulnerabilities in Digi International ConnectPort LTS 32 MEI. Firmware Version 1.4.3 (82002228_K 08/09/2018), bios Version 1.2 is affected. Successful exploitation of these vulnerabilities could limit system availability. Digi recommends users upgrade to the mandatory release of ConnectPort LTS Version 1.4.5, released on November 8, 2019. Additionally, it recommends a series of best practices. CISA also recommends a series of measures to mitigate the vulnerabilities. Read the advisory at CISA.