Vulnerability Details : CVE-2017-5670
Riverbed RiOS through 9.6.0 deletes the secure vault with the rm program (not shred or srm), which makes it easier for physically proximate attackers to obtain sensitive information by reading raw disk blocks.
Vulnerability category: Information leak
Products affected by CVE-2017-5670
- cpe:2.3:o:riverbed:rios:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-5670
- 0.12%: Probability of exploitation activity in the next 30 days
- ~ 45 %: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-5670
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
2.1 | LOW | AV:L/AC:L/Au:N/C:P/I:N/A:N | 3.9 | 2.9 | NIST | |
4.6 | MEDIUM | CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 0.9 | 3.6 | NIST | |
CWE ids for CVE-2017-5670
- The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-5670
- https://supportkb.riverbed.com/support/index?page=content&id=S30065
  Riverbed Support: S30065 - Riverbed Security Advisory for CVE-2017-5670, CVE-2017-7305, CVE-2017-7306, and CVE-2017-7307 (Mitigation; Vendor Advisory)
- https://sysdream.com/news/lab/2017-02-15-riverbed-rios-insecure-cryptographic-storage-cve-2017-5670/
  Sysdream, Riverbed RiOS insecure cryptographic storage (CVE-2017-5670)
- http://seclists.org/fulldisclosure/2017/Feb/25
  Full Disclosure: CVE-2017-5670 : Riverbed RiOS insecure cryptographic storage (Mailing List; Third Party Advisory)
- http://www.securityfocus.com/bid/96175
  Riverbed RiOS CVE-2017-5670 Local Security Bypass Vulnerability (Third Party Advisory; VDB Entry)