Vulnerability Description
An issue has been discovered on the Belden Hirschmann Tofino Xenon Security Appliance before 03.2.00. An incomplete firmware signature allows a local attacker to upgrade the equipment (kernel, file system) with unsigned, attacker-controlled data. This occurs because the appliance_config file is signed but the .tar.sec file is unsigned.
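A minimal model of the flaw described above, added here as an illustration (not code from the vendor, the advisory, or the appliance): a verifier that authenticates only the signed file accepts a package whose payload was replaced, while one that requires the signed file to carry the payload digest rejects it. The package layout, the `payload_sha256` field, the function names, and the use of HMAC-SHA256 in place of the real signature scheme are assumptions.

```python
import hashlib
import hmac
import json

# Assumption: HMAC-SHA256 stands in for the vendor's signature scheme so the
# example runs with the standard library only; the key is a constructed value.
SIGNING_KEY = b"constructed-demo-key"

def sign(data: bytes) -> bytes:
    return hmac.new(SIGNING_KEY, data, hashlib.sha256).digest()

def build_package(config: dict, payload: bytes) -> dict:
    """Vendor side: the signed config carries the digest of the payload."""
    config = dict(config, payload_sha256=hashlib.sha256(payload).hexdigest())
    blob = json.dumps(config, sort_keys=True).encode()
    return {"config": blob, "config_sig": sign(blob), "payload": payload}

def verify_config_only(pkg: dict) -> bool:
    """Weak check: authenticates the config, never looks at the payload."""
    return hmac.compare_digest(sign(pkg["config"]), pkg["config_sig"])

def verify_full(pkg: dict) -> bool:
    """Hardened check: the signed config must also vouch for the payload."""
    if not verify_config_only(pkg):
        return False
    try:
        expected = json.loads(pkg["config"])["payload_sha256"]
    except (ValueError, KeyError, TypeError):
        return False  # no signed digest means nothing binds the payload
    # The config is already authenticated here, so a plain comparison suffices.
    return expected == hashlib.sha256(pkg["payload"]).hexdigest()

def demo() -> dict:
    good = build_package({"version": "constructed-1.0"}, b"constructed firmware image")
    # Same signed config, different payload: the case the description covers.
    swapped = dict(good, payload=b"constructed replacement image")
    return {
        "weak_accepts_swapped": verify_config_only(swapped),
        "full_accepts_swapped": verify_full(swapped),
        "full_accepts_good": verify_full(good),
    }

if __name__ == "__main__":
    print(demo())
```

The hardened verifier also fails closed when the signed file carries no payload digest at all, so a validly signed file from an older package format cannot be reused to skip the payload check.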
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Belden | Tofino Xenon Security Appliance Firmware | <= 3.1.0 |
| Belden | Tofino Xenon Security Appliance | - |
Related Weaknesses (CWE)
References
- https://github.com/airbus-seclab/security-advisories/blob/master/belden/tofino.t (Third Party Advisory)
- https://www.belden.com/hubfs/support/security/bulletins/Belden-Security-Bulletin (Vendor Advisory)
FAQ
What is CVE-2017-11400?
CVE-2017-11400 is a vulnerability with a CVSS score of 6.8 (MEDIUM). An issue has been discovered on the Belden Hirschmann Tofino Xenon Security Appliance before 03.2.00. An incomplete firmware signature allows a local attacker to upgrade the equipment (kernel, file sy...
How severe is CVE-2017-11400?
CVE-2017-11400 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2017-11400?
Check the references section above for vendor advisories and patch information. Affected products include: Belden Tofino Xenon Security Appliance Firmware, Belden Tofino Xenon Security Appliance.