CVE-2021-30066

CWE-3473 documents3 sources
Severity
6.8MEDIUM
EPSS
0.0%
top 99.85%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Belden Tofino Xenon Security Appliance FirmwareSchneider-electric Tcsefea23f3f22 Firmware
Timeline
PublishedApr 3
Latest updateApr 5

Description

On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, an arbitrary firmware image can be loaded because firmware signature verification (for a USB stick) can be bypassed. NOTE: this issue exists because of an incomplete fix of CVE-2017-11400.

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 0.9 | Impact: 5.9

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-j2pq-xrmc-f4r4: On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 032022-04-05
CVEList
CVE-2021-30066: On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 032022-04-03
CVE-2021-30066 (MEDIUM CVSS 6.8) | On Schneider Electric ConneXium Tof | cvebase.io