CVE-2017-11400 — Improper Verification of Cryptographic Signature in Tofino Xenon Security Appliance Firmware

CWE-347 — Improper Verification of Cryptographic Signature3 documents3 sources
Severity
6.8MEDIUMNVD
EPSS
0.0%
top 98.67%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Belden Tofino Xenon Security Appliance Firmware
Timeline
PublishedNov 20
Latest updateMay 13

Description

An issue has been discovered on the Belden Hirschmann Tofino Xenon Security Appliance before 03.2.00. An incomplete firmware signature allows a local attacker to upgrade the equipment (kernel, file system) with unsigned, attacker-controlled, data. This occurs because the appliance_config file is signed but the .tar.sec file is unsigned.

CVSS vector

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 0.9 | Impact: 5.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-mrc4-5458-65m9: An issue has been discovered on the Belden Hirschmann Tofino Xenon Security Appliance before 03↗2022-05-13
â–¶
CVEList
CVE-2017-11400: An issue has been discovered on the Belden Hirschmann Tofino Xenon Security Appliance before 03↗2017-11-20
â–¶
CVE-2017-11400 — MEDIUM severity | cvebase