Incomplete Firmware Signature Allows Local Attackers to Upgrade Belden Hirschmann Tofino Xenon Security Appliance with Unsigned Data
CVE-2017-11400 · HIGH Severity
AV:L/AC:L/AU:N/C:C/I:C/A:C
An issue has been discovered on the Belden Hirschmann Tofino Xenon Security Appliance before 03.2.00. An incomplete firmware signature allows a local attacker to upgrade the equipment (kernel, file system) with unsigned, attacker-controlled, data. This occurs because the appliance_config file is signed but the .tar.sec file is unsigned.
Learn more about our Web Application Penetration Testing UK.