The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Riverbed SteelHead CX

computer vulnerability alert 22896

Riverbed SteelHead: directory traversal

Synthesis of the vulnerability

An authenticated attacker can traverse directories of the Web interface of Riverbed SteelHead, in order to read a file outside the service root path.
Impacted products: SteelHead.
Severity: 2/4.
Consequences: data reading.
Provenance: user account.
Creation date: 02/06/2017.
Revision date: 02/06/2017.
Identifiers: VIGILANCE-VUL-22896.

Description of the vulnerability

An authenticated attacker can traverse directories of the Web interface of Riverbed SteelHead, in order to read a file outside the service root path.

computer vulnerability announce CVE-2017-7305 CVE-2017-7306 CVE-2017-7307

Riverbed Steelhead: three vulnerabilities

Synthesis of the vulnerability

An attacker can exploit several vulnerabilities in Riverbed SteelHead.
Impacted products: SteelHead.
Severity: 2/4.
Consequences: administrator access/rights, user access/rights, data reading, data creation/edition.
Provenance: user shell.
Number of vulnerabilities in this bulletin: 3.
Creation date: 05/04/2017.
Identifiers: CVE-2017-7305, CVE-2017-7306, CVE-2017-7307, S30065, VIGILANCE-VUL-22337.

Description of the vulnerability

Several vulnerabilities were announced in Riverbed SteelHead.

An attacker can bypass security features via an empty bootloader password, in order to escalate privileges. [severity:1/4; CVE-2017-7305]

An attacker can bypass security features via a default password, in order to escalate privileges. [severity:1/4; CVE-2017-7306]

An attacker can bypass security features via /opt/tms/bin/cli, in order to escalate privileges. [severity:2/4; CVE-2017-7307]

vulnerability announce CVE-2017-5670

Riverbed Steelhead: information disclosure via Private Keys

Synthesis of the vulnerability

An attacker can bypass access restrictions on Riverbed SteelHead data, in order to obtain sensitive information.
Impacted products: SteelHead.
Severity: 1/4.
Consequences: data reading.
Provenance: physical access.
Creation date: 14/02/2017.
Identifiers: CVE-2017-5670, S30065, VIGILANCE-VUL-21822.

Description of the vulnerability

An attacker can bypass access restrictions on Riverbed SteelHead data, in order to obtain sensitive information.