Insecure Firmware Upgrade Vulnerability in Belden Hirschmann Tofino Xenon Security Appliance
CVE-2017-11400

6.8MEDIUM

Key Information:

Vendor: Belden
Status: Tofino Xenon Security Appliance Firmware
Vendor: CVE Published:; 20 November 2017

What is CVE-2017-11400?

An issue has been identified in the Belden Hirschmann Tofino Xenon Security Appliance prior to version 03.2.00. This vulnerability occurs due to an incomplete firmware signature, which permits a local attacker to install unauthorized firmware, potentially compromising the device. Specifically, while the appliance_config file is secured with a signature, the .tar.sec firmware files are left unsigned, creating a major security oversight.

References

https://www.belden.com/hubfs/support/security/bulletins/B...

x_refsource_MISC

https://github.com/airbus-seclab/security-advisories/blob...

x_refsource_MISC

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 20, 2017
Vulnerability Reserved
Jul 17, 2017

JSON