How severe is CVE-2017-7306?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.4 out of 10.

What type of vulnerability is CVE-2017-7306?

This is classified as CWE-521, which is a common weakness in software security.

CVE-2017-7306 - MEDIUM Severity | CVSS 6.4

Vulnerability Description

Riverbed RiOS through 9.6.0 has a weak default password for the secure vault, which makes it easier for physically proximate attackers to defeat the secure-vault protection mechanism by leveraging knowledge of the password algorithm and the appliance serial number. NOTE: the vendor believes that this does not meet the definition of a vulnerability. The product contains correct computational logic for supporting arbitrary password changes by customers; however, a password change is optional to meet different customers' needs

Related Vulnerabilities

CVE-2019-19093

MEDIUM

CVSS:6.5(Medium)

eSOMS versions 4.0 to 6.0.3 do not enforce password complexity settings, potentially resulting in lower access security due to insecure user passwords.

CWE-5212019

CVE-2020-7492

MEDIUM

CVSS:6.5(Medium)

A CWE-521: Weak Password Requirements vulnerability exists in the GP-Pro EX V1.00 to V4.09.100 which could cause the discovery of the password when the user is entering the password because it is not ...

CWE-5212020

CVE-2021-28914

MEDIUM

CVSS:6.5(Medium)

BAB TECHNOLOGIE GmbH eibPort V3 prior version 3.9.1 allow the user to set a weak password because the strength is shown in configuration tool, but finally not enforced. This is usable and part of an a...

CWE-5212021

CVE-2021-38133

MEDIUM

CVSS:6.5(Medium)

Possible External Service Interaction attack in eDirectory has been discovered in OpenText™ eDirectory. This impact all version before 9.2.6.0000.

CWE-5212021

CVE-2021-41696

MEDIUM

CVSS:6.5(Medium)

An authentication bypass (account takeover) vulnerability exists in Premiumdatingscript 4.2.7.7 due to a weak password reset mechanism in requests\user.php.

CWE-5212021

CVE-2023-25072

MEDIUM

CVSS:6.5(Medium)

Use of weak credentials exists in SkyBridge MB-A100/110 firmware Ver. 4.2.0 and earlier, which may allow a remote unauthenticated attacker to decrypt password for the WebUI of the product.

CWE-5212023