CVE-2017-5670

EPSS 0.11%
Veröffentlicht 04.04.2017 16:59:00
Zuletzt bearbeitet 20.04.2025 01:37:25
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Riverbed RiOS through 9.6.0 deletes the secure vault with the rm program (not shred or srm), which makes it easier for physically proximate attackers to obtain sensitive information by reading raw disk blocks.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Riverbed ≫ Rios Version <= 9.6.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.11%	0.255

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.6	0.9	3.6	CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	2.1	3.9	2.9	AV:L/AC:L/Au:N/C:P/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://seclists.org/fulldisclosure/2017/Feb/25

Third Party Advisory

Mailing List

http://www.securityfocus.com/bid/96175

Third Party Advisory

VDB Entry

https://supportkb.riverbed.com/support/index?page=content&id=S30065

Vendor Advisory

Mitigation

https://sysdream.com/news/lab/2017-02-15-riverbed-rios-insecure-cryptographic-storage-cve-2017-5670/

https://nvd.nist.gov/vuln/detail/CVE-2017-5670

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-5670

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-5670

EUVD