CVE-2017-5670
MEDIUM
Riverbed RiOS <= 9.6.0 - Exposure of Sensitive Information via Insecure Vault Deletion
Title source: llm
Description
Riverbed RiOS through 9.6.0 deletes the secure vault with the rm program (not shred or srm), which makes it easier for physically proximate attackers to obtain sensitive information by reading raw disk blocks.
References (4)
Core References
Mailing List, Third Party Advisory x_refsource_misc
http://seclists.org/fulldisclosure/2017/Feb/25
Various Sources x_refsource_misc
https://sysdream.com/news/lab/2017-02-15-riverbed-rios-insecure-cryptographic-storage-cve-2017-5670/
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/96175
Mitigation, Vendor Advisory x_refsource_misc
https://supportkb.riverbed.com/support/index?page=content&id=S30065
Scores
CVSS v3
4.6
EPSS
0.0042
EPSS Percentile
33.8%
Attack Vector
PHYSICAL
CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (1)
riverbed/rios
< 9.6.0
Published
Apr 04, 2017
Tracked Since
Feb 18, 2026