Lucene search
K
RiverbedRios

4 matches found

CVE
CVE
added 2017/04/04 4:0 p.m.48 views

CVE-2017-7305

Summary: CVE-2017-7305 concerns Riverbed RiOS where a bootloader password is optional, allowing physically proximate attackers to bypass the secure-vault protection via crafted boot. The available documents confirm that RiOS up to certain versions (notably 9.6.0 and prior to 9.6.1) does not requi...

4.6CVSS4.7AI score0.0028EPSS
CVE
CVE
added 2017/04/04 4:0 p.m.47 views

CVE-2017-7307

Riverbed RiOS before 9.0.1 is vulnerable to an elevation-of-privilege in which shell access is not properly restricted in single-user mode. An attacker with physical proximity can replace the /opt/tms/bin/cli binary to obtain root privileges and access decrypted data. The CVSS data indicates high...

7.2CVSS6.5AI score0.00333EPSS
CVE
CVE
added 2017/04/04 4:0 p.m.46 views

CVE-2017-5670

CVE-2017-5670 affects Riverbed RiOS up to 9.6.0. The issue is insecure cryptographic storage: the secure vault used for server TLS certificates can be deleted with the rm program (not shred/srm), enabling a physically proximate attacker to read raw disk blocks and potentially recover private keys...

4.6CVSS4.5AI score0.0042EPSS
CVE
CVE
added 2017/04/04 4:0 p.m.45 views

CVE-2017-7306

Riverbed RiOS before version 9.6.1 exposes a weak default password for the secure vault. This weakness can be exploited by physically proximate attackers who know the password algorithm and the appliance serial number, enabling defeat of the secure-vault protection mechanism. Documentation consis...

6.4CVSS6.5AI score0.00361EPSS