CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2017-11400

An issue has been discovered on the Belden Hirschmann Tofino Xenon Security Appliance before 03.2.00. An incomplete firmware signature allows a local attacker to upgrade the equipment (kernel, file system) with unsigned, attacker-controlled, data. This occurs because the appliance_config file is signed but the .tar.sec file is unsigned.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 0.1%

CVSS Severity

CVSS v3 Score 6.8

CVSS v2 Score 7.2

References

https://github.com/airbus-seclab/security-advisories/blob/master/belden/tofino.txt
https://www.belden.com/hubfs/support/security/bulletins/Belden-Security-Bulletin-BSECV-2017-14-1v1-1.pdf
https://github.com/airbus-seclab/security-advisories/blob/master/belden/tofino.txt
https://www.belden.com/hubfs/support/security/bulletins/Belden-Security-Bulletin-BSECV-2017-14-1v1-1.pdf

Products affected by CVE-2017-11400

Belden » Tofino Xenon Security Appliance » Version: N/A

cpe:2.3:h:belden:tofino_xenon_security_appliance:-
Belden » Tofino Xenon Security Appliance Firmware » Version: 3.1.0

cpe:2.3:o:belden:tofino_xenon_security_appliance_firmware:3.1.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-11400

Products

Pricing

Contact Us