CVE-2017-7306

MEDIUM

Riverbed RiOS <9.6.0 - Info Disclosure

Title source: llm

Description

Riverbed RiOS through 9.6.0 has a weak default password for the secure vault, which makes it easier for physically proximate attackers to defeat the secure-vault protection mechanism by leveraging knowledge of the password algorithm and the appliance serial number. NOTE: the vendor believes that this does not meet the definition of a vulnerability. The product contains correct computational logic for supporting arbitrary password changes by customers; however, a password change is optional to meet different customers' needs

References (2)

[Exploit, Technical Description, Third Party Advisory] http://seclists.org/fulldisclosure/2017/Feb/25

[Vendor Advisory] https://supportkb.riverbed.com/support/index?page=content&id=S30065

Scores

CVSS v3 6.4

EPSS 0.0007

EPSS Percentile 21.1%

Attack Vector PHYSICAL

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-521

Status published

Affected Products (2)

n/a/n/a

riverbed/rios < 9.6.0

Timeline

Published Apr 04, 2017

Tracked Since Feb 18, 2026