2 matches found
Code injection
On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, an arbitrary firmware image can be loaded because firmware signature verification for a USB stick can be bypassed. NOTE: this issue exists because of an...
CVE-2017-11400
Affected product: Belden Hirschmann Tofino Xenon Security Appliance (before 03.2.00). Issue and root cause: Incomplete firmware signature verification due to appliance_config being signed while the .tar.sec is unsigned, enabling a local attacker to upgrade the kernel and filesystem with unsigned,...