CVE-2017-7305

CVE Database · CVE-2017-7305

CVE-2017-7305

· MEDIUMModified

CVSS v3.1

4.6

EPSS

0.28%

Published

Apr 4, 2017

Modified

May 12, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Riverbed RiOS through 9.6.0 does not require a bootloader password, which makes it easier for physically proximate attackers to defeat the secure-vault protection mechanism via a crafted boot. NOTE: the vendor believes that this does not meet the definition of a vulnerability. The product contains correct computational logic for a bootloader password; however, this password is optional to meet different customers' needs

CVSS Vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Weaknesses (CWE)

CWE-521CWE-521

Affected Products (1)

riverbed · riosvulnerable

References (4)

http://seclists.org/fulldisclosure/2017/Feb/25

Mailing ListThird Party Advisory

https://supportkb.riverbed.com/support/index?page=content&id=S30065

MitigationVendor Advisory

http://seclists.org/fulldisclosure/2017/Feb/25

Mailing ListThird Party Advisory

https://supportkb.riverbed.com/support/index?page=content&id=S30065

MitigationVendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs