Description
Riverbed RiOS before 9.0.1 does not properly restrict shell access in single-user mode, which makes it easier for physically proximate attackers to obtain root privileges and access decrypted data by replacing the /opt/tms/bin/cli file.
References (2)
Core 2
Core References
Mailing List, Third Party Advisory x_refsource_misc
http://seclists.org/fulldisclosure/2017/Feb/25
Mitigation, Vendor Advisory x_refsource_misc
https://supportkb.riverbed.com/support/index?page=content&id=S30065
Scores
CVSS v3
6.8
EPSS
0.0004
EPSS Percentile
12.5%
Attack Vector
PHYSICAL
CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-732
Status
published
Products (1)
riverbed/rios
< 9.0.0b
Published
Apr 04, 2017
Tracked Since
Feb 18, 2026