CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2017-11400

MEDIUM
6.8
CVSS Severity Score
EPSS Score0.1360%
EPSS Percentile1.70th
Published2017年11月20日
Last Modified2026年5月13日

Vulnerability Description

An issue has been discovered on the Belden Hirschmann Tofino Xenon Security Appliance before 03.2.00. An incomplete firmware signature allows a local attacker to upgrade the equipment (kernel, file system) with unsigned, attacker-controlled, data. This occurs because the appliance_config file is signed but the .tar.sec file is unsigned.

Affected Platforms (CPE)

💻
Belden

Tofino Xenon Security Appliance Firmware

<= 3.1.0

References & Advisories

🔗 https://github.com/airbus-seclab/security-advisories/blob/master/belden/tofino.txt
🔗 https://www.belden.com/hubfs/support/security/bulletins/Belden-Security-Bulletin-BSECV-2017-14-1v1-1.pdf
🔗 https://github.com/airbus-seclab/security-advisories/blob/master/belden/tofino.txt
🔗 https://www.belden.com/hubfs/support/security/bulletins/Belden-Security-Bulletin-BSECV-2017-14-1v1-1.pdf

相關漏洞威脅

CVE-2021-300666.8

On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security A...

CVE-2017-332410.0

Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite (subcompone...

CVE-2017-379110.0

A vulnerability in the web-based GUI of Cisco Prime Home could allow an unauthenticated, remote attacker to bypass authentication ...

CVE-2017-278510.0

An exploitable buffer overflow exists in the psnotifyd application of the Pharos PopUp printer client version 9.0. A specially cra...