CVE-2017-5670

Опубликовано: 04 апр. 2017

Источник: nvd

CVSS3: 4.6

CVSS2: 2.1

EPSS Низкий

Описание

Riverbed RiOS through 9.6.0 deletes the secure vault with the rm program (not shred or srm), which makes it easier for physically proximate attackers to obtain sensitive information by reading raw disk blocks.

Ссылки

http://seclists.org/fulldisclosure/2017/Feb/25
Mailing List
Third Party Advisory
http://www.securityfocus.com/bid/96175
Third Party Advisory
VDB Entry
https://supportkb.riverbed.com/support/index?page=content&id=S30065
Mitigation
Vendor Advisory
https://sysdream.com/news/lab/2017-02-15-riverbed-rios-insecure-cryptographic-storage-cve-2017-5670/
http://seclists.org/fulldisclosure/2017/Feb/25
Mailing List
Third Party Advisory
http://www.securityfocus.com/bid/96175
Third Party Advisory
VDB Entry
https://supportkb.riverbed.com/support/index?page=content&id=S30065
Mitigation
Vendor Advisory
https://sysdream.com/news/lab/2017-02-15-riverbed-rios-insecure-cryptographic-storage-cve-2017-5670/

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:riverbed:rios:*:*:*:*:*:*:*:*

Версия до 9.6.0 (включая)

EPSS

Процентиль: 29%

0.00105

Низкий

4.6 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-200

Связанные уязвимости

GHSA-hcf7-f32r-4jgm