CVE-2017-7306

CVE Database · CVE-2017-7306

CVE-2017-7306

· MEDIUMModified

CVSS v3.1

6.4

EPSS

0.36%

Published

Apr 4, 2017

Modified

May 12, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Riverbed RiOS through 9.6.0 has a weak default password for the secure vault, which makes it easier for physically proximate attackers to defeat the secure-vault protection mechanism by leveraging knowledge of the password algorithm and the appliance serial number. NOTE: the vendor believes that this does not meet the definition of a vulnerability. The product contains correct computational logic for supporting arbitrary password changes by customers; however, a password change is optional to meet different customers' needs

CVSS Vector

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-521CWE-521

Affected Products (1)

riverbed · riosvulnerable

References (4)

http://seclists.org/fulldisclosure/2017/Feb/25

ExploitTechnical DescriptionThird Party Advisory

https://supportkb.riverbed.com/support/index?page=content&id=S30065

Vendor Advisory

http://seclists.org/fulldisclosure/2017/Feb/25

ExploitTechnical DescriptionThird Party Advisory

https://supportkb.riverbed.com/support/index?page=content&id=S30065

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs