CVE-2017-5670

MEDIUM

Riverbed Rios < 9.6.0 - Information Disclosure

Title source: rule

Description

Riverbed RiOS through 9.6.0 deletes the secure vault with the rm program (not shred or srm), which makes it easier for physically proximate attackers to obtain sensitive information by reading raw disk blocks.

References (4)

[Various Sources] https://sysdream.com/news/lab/2017-02-15-riverbed-rios-insecure-cryptographic-storage-cve-2017-5670/

[Mailing List, Third Party Advisory] http://seclists.org/fulldisclosure/2017/Feb/25

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/96175

[Mitigation, Vendor Advisory] https://supportkb.riverbed.com/support/index?page=content&id=S30065

Scores

CVSS v3 4.6

EPSS 0.0010

EPSS Percentile 28.4%

Attack Vector PHYSICAL

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-200

Status published

Affected Products (2)

riverbed/rios < 9.6.0

n/a/n/a

Timeline

Published Apr 04, 2017

Tracked Since Feb 18, 2026