CVE-2017-11402
Summary
| CVE | CVE-2017-11402 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2017-11-20 15:29:00 UTC |
| Updated | 2019-10-03 00:03:00 UTC |
| Description | An issue has been discovered on the Belden Hirschmann Tofino Xenon Security Appliance before 03.2.00. Design flaws in OPC classic and in custom netfilter modules allow an attacker to remotely activate rules on the firewall and to connect to any TCP port of a protected asset, thus bypassing the firewall. The attack methodology is a crafted OPC dynamic port shift. |
Risk And Classification
Problem Types: CWE-20
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Belden | Tofino Xenon Security Appliance | - | All | All | All |
| Hardware | Belden | Tofino Xenon Security Appliance | - | All | All | All |
| Operating System | Belden | Tofino Xenon Security Appliance Firmware | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| www.belden.com/hubfs/support/security/bulletins/Belden-Security-Bulletin-BSE... | MISC | www.belden.com | Vendor Advisory |
| security-advisories/tofino.txt at master · airbus-seclab/security-advisories · GitHub | MISC | github.com | Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.