CVE-2017-7305

MEDIUM EPSS 19.8%
Published Apr 4, 20179y ago · Modified Jun 17, 20262w ago
4.6 CVSS 3.1
Medium
Find Similar
Published Apr 4, 2017 9y ago
Last Modified Jun 17, 2026 2w ago

Description

Riverbed RiOS through 9.6.0 does not require a bootloader password, which makes it easier for physically proximate attackers to defeat the secure-vault protection mechanism via a crafted boot. NOTE: the vendor believes that this does not meet the definition of a vulnerability. The product contains correct computational logic for a bootloader password; however, this password is optional to meet different customers' needs

CVSS Details

Base Score
4.6
Exploitability
0.9
Impact
3.6
Vector string
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Attack Vector Physical
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality None
Integrity High
Availability None

Threat Intelligence

EPSS Exploit Probability
19.8% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-521

Affected Products 1

VendorProductVersionRange
riverbedrios* ≤9.6.0

References 2

  • seclists.org http://seclists.org/fulldisclosure/2017/Feb/25
    Mailing ListThird Party Advisory
  • supportkb.riverbed.com https://supportkb.riverbed.com/support/index?page=content&id=S30065
    MitigationVendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.