CVE-2021-30066

Name of the Vulnerable Software and Affected Versions Schneider Electric ConneXium Tofino Firewall versions prior to 03.23 Belden Tofino Xenon Security Appliance (affected versions not specified) Tofino Argon Security Appliance (affected versions not specified) EAGLE 20 Tofino (affected versions not specified)

Description The issue is related to the bypass of firmware signature verification for a USB stick, allowing an arbitrary firmware image to be loaded. This is due to an incomplete fix of a previous issue. The vulnerability can be exploited by a remote attacker to load a malicious firmware image.

Recommendations For Schneider Electric ConneXium Tofino Firewall, update to version 03.23 or later. For Belden Tofino Xenon Security Appliance, Tofino Argon Security Appliance, and EAGLE 20 Tofino, at the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the USB port to minimize the risk of exploitation.