Vulnerability Description
On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, an arbitrary firmware image can be loaded because firmware signature verification (for a USB stick) can be bypassed. NOTE: this issue exists because of an incomplete fix of CVE-2017-11400.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Belden | Tofino Xenon Security Appliance Firmware | < 03.2.03 |
| Belden | Tofino Xenon Security Appliance | - |
| Belden | Tofino Argon Fa-Tsa-220-Tx\/Mm Firmware | - |
| Belden | Tofino Argon Fa-Tsa-220-Tx\/Mm | - |
| Belden | Tofino Argon Fa-Tsa-220-Tx\/Tx Firmware | - |
| Belden | Tofino Argon Fa-Tsa-220-Tx\/Tx | - |
| Belden | Tofino Argon Fa-Tsa-220-Mm\/Tx Firmware | - |
| Belden | Tofino Argon Fa-Tsa-220-Mm\/Tx | - |
| Belden | Tofino Argon Fa-Tsa-220-Mm\/Mm Firmware | - |
| Belden | Tofino Argon Fa-Tsa-220-Mm\/Mm | - |
| Belden | Tofino Argon Fa-Tsa-100-Tx\/Tx Firmware | - |
| Belden | Tofino Argon Fa-Tsa-100-Tx\/Tx | - |
| Belden | Eagle 20 Tofino 943 987-505-Mm\/Mm Firmware | - |
| Belden | Eagle 20 Tofino 943 987-505-Mm\/Mm | - |
| Belden | Eagle 20 Tofino 943 987-504-Mm\/Tx Firmware | - |
| Belden | Eagle 20 Tofino 943 987-504-Mm\/Tx | - |
| Belden | Eagle 20 Tofino 943 987-502 -Tx\/Mm Firmware | - |
| Belden | Eagle 20 Tofino 943 987-502 -Tx\/Mm | - |
| Belden | Eagle 20 Tofino 943 987-501-Tx\/Tx Firmware | - |
| Belden | Eagle 20 Tofino 943 987-501-Tx\/Tx | - |
Related Weaknesses (CWE)
References
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-011-05Vendor Advisory
- https://www.belden.com/support/security-assuranceVendor Advisory
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-011-05Vendor Advisory
- https://www.belden.com/support/security-assuranceVendor Advisory
FAQ
What is CVE-2021-30066?
CVE-2021-30066 is a vulnerability with a CVSS score of 6.8 (MEDIUM). On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, an arbitrary firmware image can be loaded because firmware s...
How severe is CVE-2021-30066?
CVE-2021-30066 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-30066?
Check the references section above for vendor advisories and patch information. Affected products include: Belden Tofino Xenon Security Appliance Firmware, Belden Tofino Xenon Security Appliance, Belden Tofino Argon Fa-Tsa-220-Tx\/Mm Firmware, Belden Tofino Argon Fa-Tsa-220-Tx\/Mm, Belden Tofino Argon Fa-Tsa-220-Tx\/Tx Firmware.