An issue has been discovered on the Belden Hirschmann Tofino Xenon Security Appliance before 03.2.00. An incomplete firmware signature allows a local attacker to upgrade the equipment (kernel, file system) with unsigned, attacker-controlled, data. This occurs because the appliance_config file is signed but the .tar.sec file is unsigned.
CPE | Name | Operator | Version |
---|---|---|---|
tofino_xenon_security_appliance_firmware | le | 3.1.0 |