CyberSec.Space Logo
Back to CVE Browser

CVE-2017-11400

MEDIUM
6.8
CVSS Severity Score
EPSS Score0.1360%
EPSS Percentile1.70th
PublishedNov 20, 2017
Last ModifiedMay 13, 2026

Vulnerability Description

An issue has been discovered on the Belden Hirschmann Tofino Xenon Security Appliance before 03.2.00. An incomplete firmware signature allows a local attacker to upgrade the equipment (kernel, file system) with unsigned, attacker-controlled, data. This occurs because the appliance_config file is signed but the .tar.sec file is unsigned.

Affected Platforms (CPE)

πŸ’»
Belden

Tofino Xenon Security Appliance Firmware

<= 3.1.0

References & Advisories

πŸ”— https://github.com/airbus-seclab/security-advisories/blob/master/belden/tofino.txt
πŸ”— https://www.belden.com/hubfs/support/security/bulletins/Belden-Security-Bulletin-BSECV-2017-14-1v1-1.pdf
πŸ”— https://github.com/airbus-seclab/security-advisories/blob/master/belden/tofino.txt
πŸ”— https://www.belden.com/hubfs/support/security/bulletins/Belden-Security-Bulletin-BSECV-2017-14-1v1-1.pdf

Related Vulnerabilities

CVE-2021-300666.8

On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security A...

CVE-2017-772210.0

In SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4, a menu system is encountered when the SSH service is accessed with ...

CVE-2017-362310.0

Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel RPC). For supported versions tha...

CVE-2017-811010.0

www.modified-shop.org modified eCommerce Shopsoftware 2.0.2.2 rev 10690 has XXE in api/it-recht-kanzlei/api-it-recht-kanzlei.php.