CVE-2017-7307

MEDIUM

Riverbed RiOS <9.0.1 - Privilege Escalation

Title source: llm

Description

Riverbed RiOS before 9.0.1 does not properly restrict shell access in single-user mode, which makes it easier for physically proximate attackers to obtain root privileges and access decrypted data by replacing the /opt/tms/bin/cli file.

References (2)

[Mailing List, Third Party Advisory] http://seclists.org/fulldisclosure/2017/Feb/25

[Mitigation, Vendor Advisory] https://supportkb.riverbed.com/support/index?page=content&id=S30065

Scores

CVSS v3 6.8

EPSS 0.0004

EPSS Percentile 12.4%

Attack Vector PHYSICAL

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-732

Status published

Affected Products (2)

riverbed/rios < 9.0.0b

n/a/n/a

Timeline

Published Apr 04, 2017

Tracked Since Feb 18, 2026