PT-2017-11983 · Belden Hirschmann · Tofino Xenon Security Appliance

Published

2017-11-20

Updated

2022-04-04

CVE-2017-11400

CVSS v2.0

7.2

High

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Belden Hirschmann Tofino Xenon Security Appliance versions prior to 03.2.00

Description An issue has been discovered that allows a local attacker to upgrade the equipment with unsigned, attacker-controlled data due to an incomplete firmware signature. This occurs because the appliance config file is signed, but the .tar.sec file is unsigned.

Recommendations For versions prior to 03.2.00, update to version 03.2.00 or later to resolve the issue. As a temporary workaround, consider restricting local access to the appliance to minimize the risk of exploitation.

Fix

Improper Verification of Cryptographic Signature

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-347

Related Identifiers

CVE-2017-11400

Affected Products

Tofino Xenon Security Appliance

PT-2017-11983 · Belden Hirschmann · Tofino Xenon Security Appliance

CVE-2017-11400

Weakness Enumeration

Related Identifiers

Affected Products

References · 6