PT-2017-17651 · Riverbed · Riverbed Rios
Published
2017-04-04
·
Updated
2024-08-05
·
CVE-2017-7305
CVSS v3.1
4.6
Medium
| Vector | AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Riverbed RiOS versions prior to 9.6.1
Description
The issue allows physically proximate attackers to defeat the secure-vault protection mechanism via a crafted boot because a bootloader password is not required. The product contains correct computational logic for a bootloader password; however, this password is optional to meet different customers' needs.
Recommendations
For Riverbed RiOS versions prior to 9.6.1, consider setting a bootloader password to enhance security, as the absence of this password can facilitate attacks on the secure-vault protection mechanism.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Riverbed Rios