CVE-2021-30066
First published: Sun Apr 03 2022(Updated: )
On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, an arbitrary firmware image can be loaded because firmware signature verification (for a USB stick) can be bypassed. NOTE: this issue exists because of an incomplete fix of CVE-2017-11400.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Belden Tofino Xenon Security Appliance Firmware | <03.2.03 | |
| Belden Tofino Xenon Security Appliance Firmware | ||
| Belden Tofino Argon Fa-tsa-220-tx/mm Firmware | ||
| Belden Tofino Argon Fa-tsa-220-tx/mm | ||
| Belden Tofino Argon Fa-tsa-220-tx/tx Firmware | ||
| Belden Tofino Argon Fa-tsa-220-tx/tx | ||
| Belden Tofino Argon Fa-tsa-220-mm/tx Firmware | ||
| Belden Tofino Argon Fa-tsa-220-mm/tx | ||
| Belden Tofino Argon Fa-tsa-220-mm/mm Firmware | ||
| Belden Tofino Argon Fa-tsa-220-mm/mm | ||
| Belden Tofino Argon Fa-tsa-100-tx/tx Firmware | ||
| Belden Tofino Argon Fa-tsa-100-tx/tx | ||
| Belden Eagle 20 Tofino 943 987-505-mm/mm Firmware | ||
| Belden Eagle 20 Tofino 943 987-505-mm/mm | ||
| Belden Eagle 20 Tofino 943 987-504-mm/tx Firmware | ||
| Belden Eagle 20 Tofino 943 987-504-mm/tx | ||
| Belden Eagle 20 Tofino 943 987-502 -tx/mm Firmware | ||
| Belden Eagle 20 Tofino 943 987-502 | ||
| Belden Eagle 20 Tofino 943 987-501-tx/tx Firmware | ||
| Belden Eagle 20 Tofino | ||
| Schneider-electric Tcsefea23f3f20 Firmware | ||
| Schneider-electric Tcsefea23f3f20 | ||
| Schneider-electric Tcsefea23f3f21 Firmware | ||
| Schneider-electric Tcsefea23f3f21 | ||
| Schneider-electric Tcsefea23f3f22 Firmware | <03.23 | |
| Schneider-electric Tcsefea23f3f22 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this security issue?
The vulnerability ID of this security issue is CVE-2021-30066.
What is the severity of CVE-2021-30066?
CVE-2021-30066 has a severity score of 6.8 (high).
Which software versions are affected by CVE-2021-30066?
Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance firmware versions up to and excluding 03.2.03 are affected.
How can an arbitrary firmware image be loaded on the affected devices?
The firmware signature verification for a USB stick can be bypassed, allowing an arbitrary firmware image to be loaded on the affected devices.
How can I fix CVE-2021-30066?
To fix CVE-2021-30066, it is recommended to update the affected devices to the latest firmware version that includes a fix for this vulnerability.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/author
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/belden
- canonical/belden tofino xenon security appliance firmware
- canonical/belden tofino argon fa-tsa-220-tx/mm firmware
- canonical/belden tofino argon fa-tsa-220-tx/mm
- canonical/belden tofino argon fa-tsa-220-tx/tx firmware
- canonical/belden tofino argon fa-tsa-220-tx/tx
- canonical/belden tofino argon fa-tsa-220-mm/tx firmware
- canonical/belden tofino argon fa-tsa-220-mm/tx
- canonical/belden tofino argon fa-tsa-220-mm/mm firmware
- canonical/belden tofino argon fa-tsa-220-mm/mm
- canonical/belden tofino argon fa-tsa-100-tx/tx firmware
- canonical/belden tofino argon fa-tsa-100-tx/tx
- canonical/belden eagle 20 tofino 943 987-505-mm/mm firmware
- canonical/belden eagle 20 tofino 943 987-505-mm/mm
- canonical/belden eagle 20 tofino 943 987-504-mm/tx firmware
- canonical/belden eagle 20 tofino 943 987-504-mm/tx
- canonical/belden eagle 20 tofino 943 987-502 -tx/mm firmware
- canonical/belden eagle 20 tofino 943 987-502
- canonical/belden eagle 20 tofino 943 987-501-tx/tx firmware
- canonical/belden eagle 20 tofino
- vendor/schneider-electric
- canonical/schneider-electric tcsefea23f3f20 firmware
- canonical/schneider-electric tcsefea23f3f20
- canonical/schneider-electric tcsefea23f3f21 firmware
- canonical/schneider-electric tcsefea23f3f21
- canonical/schneider-electric tcsefea23f3f22 firmware
- canonical/schneider-electric tcsefea23f3f22