CVE-2017-7306

{"id": "CVE-2017-7306", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 1.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.4, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.5}]}, "published": "2017-04-04T16:59:00.283", "references": [{"url": "http://seclists.org/fulldisclosure/2017/Feb/25", "tags": ["Exploit", "Technical Description", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://supportkb.riverbed.com/support/index?page=content&id=S30065", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-521"}]}], "descriptions": [{"lang": "en", "value": "Riverbed RiOS through 9.6.0 has a weak default password for the secure vault, which makes it easier for physically proximate attackers to defeat the secure-vault protection mechanism by leveraging knowledge of the password algorithm and the appliance serial number. NOTE: the vendor believes that this does not meet the definition of a vulnerability. The product contains correct computational logic for supporting arbitrary password changes by customers; however, a password change is optional to meet different customers' needs"}, {"lang": "es", "value": "** DISPUTED ** Riverbed RiOS hasta la versi\u00f3n 9.6.0 tiene una contrase\u00f1a por defecto d\u00e9bil para la b\u00f3veda segura, lo que hace m\u00e1s f\u00e1cil para los atacantes fisicamente cercanos derrotar el mecanismo de protecci\u00f3n de la b\u00f3veda segura aprovechando el conocimiento del algoritmo de contrase\u00f1a y el n\u00famero de serie del dispositivo. NOTA: el proveedor cree que esto no cumple con la definici\u00f3n de una vulnerabilidad. El producto contiene l\u00f3gica computacional correcta para soportar cambios de contrase\u00f1a arbitrarios por parte de los clientes; Sin embargo, un cambio de contrase\u00f1a es opcional para satisfacer las necesidades de diferentes clientes."}], "lastModified": "2024-04-11T00:59:07.817", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:riverbed:rios:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E8FF29F5-75EA-450E-83ED-4ABC19B7AC6A", "versionEndIncluding": "9.6.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}