CVE-2017-11402 — Improper Input Validation in Tofino Xenon Security Appliance Firmware

CWE-20 — Improper Input Validation3 documents3 sources
Severity
9.8CRITICALNVD
EPSS
0.1%
top 74.63%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Belden Tofino Xenon Security Appliance Firmware
Timeline
PublishedNov 20
Latest updateMay 13

Description

An issue has been discovered on the Belden Hirschmann Tofino Xenon Security Appliance before 03.2.00. Design flaws in OPC classic and in custom netfilter modules allow an attacker to remotely activate rules on the firewall and to connect to any TCP port of a protected asset, thus bypassing the firewall. The attack methodology is a crafted OPC dynamic port shift.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-g5fp-55mr-fxj5: An issue has been discovered on the Belden Hirschmann Tofino Xenon Security Appliance before 03↗2022-05-13
â–¶
CVEList
CVE-2017-11402: An issue has been discovered on the Belden Hirschmann Tofino Xenon Security Appliance before 03↗2017-11-20
â–¶
CVE-2017-11402 — Improper Input Validation | cvebase