CVE-2017-11400

Name of the Vulnerable Software and Affected Versions Belden Hirschmann Tofino Xenon Security Appliance versions prior to 03.2.00

Description An issue has been discovered that allows a local attacker to upgrade the equipment with unsigned, attacker-controlled data due to an incomplete firmware signature. This occurs because the appliance config file is signed, but the .tar.sec file is unsigned.

Recommendations For versions prior to 03.2.00, update to version 03.2.00 or later to resolve the issue. As a temporary workaround, consider restricting local access to the appliance to minimize the risk of exploitation.